Cyril Plisko wrote: > On Tue, Sep 15, 2009 at 12:05 PM, Darren J Moffat <Darren.Moffat at sun.com> > wrote: >> How does this work when the Solaris system is running with Trusted >> Extensions enabled ? In particular given that the screensaver is a trusted >> path concept and cut and paste is intercepted on trusted path and subject to >> authorisation. >> >> I was surprised you said there was no authentication or authorisation, but >> then the upstream page on "Security" says this: >> >> "Synergy does not do any authentication or encryption. Any computer can >> connect to the synergy server if it provides a screen name known to the >> server" >> >> Scarey! Does that really mean what it says ? If I run synergy on my >> Solaris desktop anything that can make a network connection to it can grab >> the keyboard and mouse ? That is scarey! I can't find out from the > > Reality isn't that bad AFAIK. The server process (synergys) is run on > machine with you physical keyboard/mouse. And client processes > (synergyc) are connected to it from other machines.
So there is a process running on my machine listening for network connections. > synergyc doesn't > grab you keyboard and mouse, but rather server injects events to the > client. So if anyone fakes a client identification and connect to you > machine with server running she becomes controlled by you, rather than > vice versa. Understood, but that doesn't answer my questions. >> project home page how port numbers are selected and if it is possible to >> force it to bind to localhost only (so that if can be run over SSH and not >> still exposed unencrypted). > > synergy documentation provides a recipe on how to implement it via SSH I read that, what I couldn't find was how to force synergy to only bind to localhost. If it doesn't bind to localhost then I need to ensure that there are ipfilter rules in place to block it. -- Darren J Moffat
