Hi Jeremy ----- Original Message ----- > On 06/14/2017 02:55 PM, marcandre.lur...@redhat.com wrote: > > From: Marc-André Lureau <marcandre.lur...@redhat.com> > > > > The spice-controller was a small library to let NPAPI browser plugins > > communicate with the spice client. Due to usage of vala, the library > > could not promise ABI stability, and was also considerer a pretty > > poor implementation. > > > > Furthermore, major browser vendors began to phase out NPAPI support in > > 2013, and some would like to see it gone by the end of this > > year (realistically, it may not happen though). > > > > As an alternative, remote-viewer (the first class Spice client) > > learned to connect with a file of mime type application/x-virt-viewer, > > as early as February 2013 with v0.5.5. > > > > RFC as we may want to have another release with the controller, and > > announce it's the last one that will ship it - remote-viewer should > > follow with a similar announcement. > > The spice controller also provides the ability for an application to > securely pass a username and password in via the controller socket.
The password should be a one time / short lived token when used with .vv file. And if it is sent over a network it should be sent over a secured mean (https for ex) > The use of a file would have potential risk vectors. Is there an option > to provide that facility? I don't see much alternative. Do you a other proposal? _______________________________________________ Spice-devel mailing list Spice-devel@lists.freedesktop.org https://lists.freedesktop.org/mailman/listinfo/spice-devel
