On Sat, Jan 05, 2008 at 10:43:56PM +0200, Jussi Peltola wrote:
> On Sat, Jan 05, 2008 at 11:36:04AM -0500, Douglas A. Tutty wrote:
> > Perhaps you could use the banking machine as your main access point,
> > running apps on the main box via ssh. Would that introduce any
> > insecurity in the banking machine?
> I certainly wouldn't do sensitive things on an X server with untrusted
> clients. What makes you think a remote X client is any less dangerous
> than a local one?
>
The remote X client (e.g. a browser) would be running on a box that didn't contain exceedingly confidential info; however, let's say it was running OpenBSD, and therefore OpenBSD's OpenSSH and Xorg. The local box would also run OpenBSD and would have on its filesystem all the confidential information. The only connection between the two would be the ssh link.

Is there anything that, bug-wise, could go wrong with that remote browser that would be able to read or alter anything on the local machine? I'm talking about using ssh's X forwarding features, not using X's native forwarding.

For banking, use a browser on the local machine directly.

Doug.

