Mike Miller said:
> On Tue, 31 Aug 2004, William Hooper wrote:
>
>> Mike Miller said:
>> [snip]
>>
>>> I'm not understanding this. Take Linux for example - suppose I use SSH
>>> port forwarding, but VNC is still there on port 5901.
>>
>> Port 5901 is firewalled off from everything but localhost. The only
>> way to cause the issue then is to be a local user.
>
> I see. That makes sense. Of course this means that in addition to
> setting up SSH on both ends, you have to set up a firewall.

On a *nix system, SSH is almost a given. If the machine is on an untrusted network, the firewall should be too.

> I guess that
> isn't hard for experts, but it's tricky for your average Joe. So most
> people are going to take the insecure route, which may be bad for VNC's
> word-of-mouth advertising.

People will choose convenience over security no matter what you do.

> It will be better, of course, to work SSH
> into the VNC product

I disagree. Encryption is something best left to programs that specialize in encryption. Why try to maintain your own codebase when there are other secure codebases out there that are easy to set up? Not to mention the ability to choose the one that best fits your needs (SSH is dead simple for *nix systems, stunnel or Zebedee is simple for Windows-based systems, etc.).

> and fix the DoS vulnerability.

I'm not arguing that it shouldn't be fixed, just pointing out that it can be mitigated quite easily.

--
William Hooper
_______________________________________________
VNC-List mailing list
To remove yourself from the list visit:
http://www.realvnc.com/mailman/listinfo/vnc-list
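The setup discussed in this thread (port 5901 firewalled off from everything but localhost, with SSH carrying the remote session) can be audited with a small check like the following. This is an added example, not part of the original message; the sample ruleset is constructed, the interface name `eth0` and all function names are assumptions, and the evaluator models only the `-i`, `-p`, `--dport` and `-j` options of the `INPUT` chain without following user-defined chains.

```python
import shlex

# Constructed iptables-save excerpt (not from the thread): loopback allowed,
# SSH allowed from anywhere, VNC display :1 (TCP 5901) dropped otherwise.
SAMPLE_RULES = """\
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 5901 -j DROP
COMMIT
"""

FLAGS = {"-i": "iface", "-p": "proto", "--dport": "dport", "-j": "target"}
TERMINAL = ("ACCEPT", "DROP", "REJECT")

def parse_input_chain(text):
    """Return (policy, rules) for INPUT; refuse options this sketch cannot model."""
    policy, rules = "ACCEPT", []
    for line in text.splitlines():
        if line.startswith(":INPUT "):
            policy = line.split()[1]
        elif line.startswith("-A INPUT "):
            tok = shlex.split(line)[2:]
            rule = dict.fromkeys(FLAGS.values())
            for opt, val in zip(tok[::2], tok[1::2]):
                if opt in FLAGS:
                    rule[FLAGS[opt]] = val
                elif opt not in ("-m", "--reject-with"):
                    raise ValueError(f"unsupported match, review by hand: {line}")
            rules.append(rule)
    return policy, rules

def verdict(policy, rules, iface, port, proto="tcp"):
    """First matching terminating rule wins; otherwise the chain policy applies."""
    for r in rules:
        if r["iface"] not in (None, iface) or r["proto"] not in (None, "all", proto):
            continue
        if r["dport"] is not None:
            lo, _, hi = r["dport"].partition(":")  # "5900:5999" is a port range
            if not int(lo) <= port <= int(hi or lo):
                continue
        if r["target"] in TERMINAL:
            return r["target"]
    return policy

def vnc_localhost_only(text, port=5901, external_iface="eth0"):
    """True if the port is accepted on loopback and not accepted externally."""
    policy, rules = parse_input_chain(text)
    return (verdict(policy, rules, "lo", port) == "ACCEPT"
            and verdict(policy, rules, external_iface, port) != "ACCEPT")
```

Rules carrying any other match (source addresses, connection state, negation) raise `ValueError` rather than being guessed at, so a ruleset the sketch cannot model is reviewed by hand.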
