Session without typing password?

Com MN PG P E B Consultant 3 "at"
Mon Nov 14 14:19:00 2005

> I strongly advise against trying to run a VNC server with no password.
> That should never be an option.  It's one thing to save the password for
> your personal viewer but it's not wize at all to open that up to the
> whole world.  

Would it mean that running the server with no password, would allow access
to everyone who

  - knows the IP address of the machine running the server,
  - knows its port, and
  - can physically access the machine (i.e. using ping)

to also access my session? In this case, you are right - I've thought about
it, and this would indeed be too dangerous.

> The /password switch isn't available for all flavors of VNC 
> server.  Do
> a vncviewer /? To check yours. 

This is what it says (I'm using vncviewer on Windows XP):

VNC Viewer 4.0 - VNC Viewer for Win32, Version 4.0
Built on Jun 15 2004 at 14:29:29
Copyright b RealVNC Ltd. 2002-2004

usage: vncviewer <options> <hostname>[:<display>]
Command-line options:
  -help                                - Provide usage information.
  -config <file>                       - Load connection settings from VNCViewer
 3.3 settings file
  -console                             - Run with a console window visible.
  <setting>=<value>                    - Set the named configuration parameter.
    (Parameter values specified on the command-line override those specified by
other configuration methods.)

Log names:
  TcpSocket, RegConfig, MsgWindow, CKeyboard, DIBSection, CPointer, Clipboard, M
onitorInfo, DynamicFn, DeviceContext, WMShatter, AboutDialog, PropSheet, Dialog,
 Registry, SMsgWriter, Threading, VncAuth, Cursor, PixelBuffer, CConnection, Con
fig, main, Options, Info, CViewManager, CView

Log destinations:

  ZlibLevel  - Zlib compression level (default=-1)
  Log        - Specifies which log output should be directed to which target
               logger, and the level of output to log. Format is
               <log>:<target>:<level>[, ...]. (default=*:stderr:0)
  Listen     - Accept incoming connections from VNC servers. (default=0)
  MenuKey    - The key which brings up the popup menu (default=F8)
  Monitor    - The monitor to open the VNC Viewer window on, if available.
  AcceptBell - Produce a system beep when requested to by the server.
  Emulate3   - Emulate middle mouse button when left and right buttons are used
               simulatenously. (default=0)
  PointerEventInterval - The interval to delay between sending one pointer
               event and the next. (default=0)
  Protocol3.3 - Only use protocol version 3.3 (default=0)
  ServerCutText - Accept clipboard changes from the server. (default=1)
  ClientCutText - Send clipboard changes to the server. (default=1)
  SendKeyEvents - Send key presses (and releases) to the server. (default=1)
  SendPointerEvents - Send pointer (mouse) events to the server. (default=1)
  Shared     - Allow existing connections to the server to continue.(Default is
               to disconnect all other clients) (default=0)
  AutoSelect - Auto select pixel format and encoding (default=1)
  PreferredEncoding - Preferred graphical encoding to use - overridden by
               AutoSelect if set. (ZRLE, Hextile or Raw) (default=ZRLE)
  FullScreen - Use the whole display to show the remote desktop.(Press F8 to
               access the viewer menu) (default=0)
  LowColourLevel - Colour level to use on slow connections. 0 = Very Low (8
               colours), 1 = Low (64 colours), 2 = Medium (256 colours)
  FullColour - Use full colour (default is to use low colour unless auto select
               decides the link is fast enough) (default=0)
  UseDesktopResize - Support dynamic desktop resizing (default=1)
  UseLocalCursor - Render the mouse cursor locally (default=1)
  DebugDelay - Milliseconds to display inverted pixel data - a debugging
               feature (default=0)