
Re: RE : Re: [Xen-users] XEN domUs and X11 (maybe not Xen-related)


  • To: Frédérique Da Luene <frederique_daluene@xxxxxxxx>
  • From: Nico Kadel-Garcia <nkadel@xxxxxxxxx>
  • Date: Thu, 17 Jan 2008 22:47:59 +0000
  • Cc: xen-users@xxxxxxxxxxxxxxxxxxx
  • Delivery-date: Thu, 17 Jan 2008 14:48:36 -0800
  • List-id: Xen user discussion <xen-users.lists.xensource.com>

Frédérique Da Luene wrote:
> Hi Nico,
>
> --- Nico Kadel-Garcia <nkadel@xxxxxxxxx> wrote:
>
> > Or, if you feel the need, you can use the vncviewer built into Xen itself, but this presents other
> > management and security issues.
>
> And what are those security issues (you can point me
> to some reference docs on the 'net, of course)?
>
> Tia,
>
> FdL

No need: I wrote the SunOS port for VNC years ago.

1: VNC sessions do not necessarily close the X session running on the VNC server when they disconnect. In fact, configured appropriately, multiple people can share the same session, and it'll stay open and active until the last person disconnects, even if it's set to auto-logout.

2: Since that session is still open, anyone who gets the VNC access or VNC password now potentially has access to any open consoles on the VNC server.

This is a serious security issue with lots of VNC-based tools, such as most remote KVMs. It mandates that you use a good screenlock on the VNC server's X session, in case you walk away and come back. Xen default setups attempt to deal with this somewhat by restricting those VNC clients to access from the Dom0 itself. But woe betide the admin who opens it up for remote management and fails to protect their X session!


_______________________________________________
Xen-users mailing list
Xen-users@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-users
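
An added example, not part of the original post or of Xen's own code: a Python check that flags guest configs whose VNC console has been opened beyond the Dom0-only default described in the message. The sample configs are constructed, and `vnc_options`, `audit_vnc` and the `xend_*` parameters (standing in for the xend-wide `vnc-listen` and `vncpasswd` defaults) are names chosen here.

```python
import re

LOOPBACK = {"127.0.0.1", "localhost", "::1"}

# Constructed sample guest configs (xm-style syntax), not taken from the post.
EXPOSED_CFG = '''
name = "guest1"
vnc = 1
vnclisten = "0.0.0.0"   # opened up for remote management
vncpasswd = ""
'''
DEFAULT_CFG = '''
name = "guest2"
vfb = [ "type=vnc,vncunused=1" ]
'''

def vnc_options(cfg_text):
    """Collect vnc* settings from top-level keys and from vfb = [...] entries."""
    opts = {}
    for line in cfg_text.splitlines():
        m = re.match(r'\s*(vnc\w*)\s*=\s*["\']?([^"\'#]*)', line)
        if m:
            opts[m.group(1)] = m.group(2).strip()
    for body in re.findall(r'^\s*vfb\s*=\s*\[(.*?)\]', cfg_text, re.S | re.M):
        for entry in re.findall(r'["\'](.*?)["\']', body):
            pairs = dict(p.strip().split("=", 1) for p in entry.split(",") if "=" in p)
            if pairs.get("type") == "vnc":
                opts["vnc"] = "1"
            opts.update((k, v) for k, v in pairs.items() if k.startswith("vnc"))
    return opts

def audit_vnc(cfg_text, xend_listen="127.0.0.1", xend_passwd=""):
    """Return findings for one guest; xend_* are the assumed xend-wide defaults."""
    opts = vnc_options(cfg_text)
    if opts.get("vnc", "0") != "1":
        return []  # no VNC console configured for this guest
    findings = []
    listen = opts.get("vnclisten") or xend_listen
    exposed = listen not in LOOPBACK
    if exposed:
        findings.append(f"console listens on {listen}: reachable from outside Dom0")
    if exposed and not (opts.get("vncpasswd") or xend_passwd):
        findings.append("no VNC password: any client that connects gets the open session")
    return findings

if __name__ == "__main__":
    for name, cfg in (("guest1", EXPOSED_CFG), ("guest2", DEFAULT_CFG)):
        print(name, audit_vnc(cfg) or "ok")
```

A password does not close the gap described in point 1; a finding-free guest still needs a screenlock on the X session behind the console.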


 

