> From: Glenn Lovitz [mailto:[EMAIL PROTECTED] > > So, you're saying that Unix clients are using this > >famous getpasswd() function! That means it's the answer to my > >second question in another mail that nobody has answered: > >client chop off from the password from the 9th characters > >before sending it out (encrypted or not is another matter). > >That is bad, really bad. > > How long must this poor beaten horse be dead before it rests in peace! > > You do not seem to understand that you _NEVER_ set a long > password in the > first place -- you just thought you did. > > VNCPASSWD on any platform encrypts and stores _ONLY_ (up to) > the first 8 > characters you input. The 9th and greater characters _NEVER_ > existed for > _ANY_ platform except in the space in which you typed them. > > The client cannot chop off what never was in the first place!
Er, hm. The best way to kill a horse is to *shoot* it, not to beat it to death. This can best be accomplished by *enforcing* the 8-character password limit in a way visible to the person typing in the password. Prevent the user from entering passwords with 9 or more characters, preferably with an alert saying "VNC passwords are limited to 8 characters, sorry." Matthew van Eerde Software Engineer Hispanic Business Inc. HireDiversity.com 805.964.4554 x902 [EMAIL PROTECTED] http://www.hispanicbusiness.com http://www.hirediversity.com _______________________________________________ VNC-List mailing list [EMAIL PROTECTED] To remove yourself from the list visit: http://www.realvnc.com/mailman/listinfo/vnc-list
