<shrugs> I'm thankful I'm in a company that can actually trust it's employees. most everyone's password is stored in a clear text file that is world readable via a passwordless guest account (internal access only). I'm the only one who ever connects from the outside world, and that is done via ssh inside a VPN tunnel to start an X session back to my client (also through the VPN tunnel). the biggest "hacking" problem we have is occasionally a cheap station gets accidentally "hacked" to pieces by a forklift. my consulting is another story, and that is where I generally have the client connect to my listening viewer. I still prefer some kind of encryption for that, and usually set it up the first time I connect so I can drop and reconnect via the encrypted tunnel. but again, I'm still doing so without passwords and usually with the VNC server refusing incoming connections period.
I do thank you for the delineation. how difficult would it be for a non-programmer to get the tools to unobfuscate the password? -----Original Message----- From: James Weatherall [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 03, 2005 09:55 To: Erik Soderquist; 'Alvord, Tim'; [email protected] Subject: RE: Disabling the Options button in the Connection Details dialog Erik, The password is stored in an obfuscated (i.e. NOT encrypted) form in the .vnc Configuration File, so that the viewer can use it when connecting to the server. You should therefore take great care with configuration files that include passwords, to avoid them being used by others. Regards, Wez @ RealVNC Ltd. > -----Original Message----- > From: Erik Soderquist [mailto:[EMAIL PROTECTED] > Sent: 29 April 2005 20:18 > To: James Weatherall; Alvord, Tim; [email protected] > Subject: RE: Disabling the Options button in the Connection > Details dialog > > not a programmer I can't look to the source to know what it does with > the password, but I gather from your statement that this is either a > reversible encryption or a simple encoding. correct? > > -----Original Message----- > From: James Weatherall [mailto:[EMAIL PROTECTED] > Sent: Thursday, April 28, 2005 18:24 > To: Erik Soderquist; 'Alvord, Tim'; [email protected] > Subject: RE: Disabling the Options button in the Connection Details > dialog > > Erik: > > The user wouldn't have to "crack" the password to get it, > they can just > un-obfuscate it. > > Tim: > > What is it that you are actually trying to achieve by disabling the > Options > button? What is it that your users might do with the Options dialog > that is > a problem? If what you're really trying to do is prevent them from > sending > pointer or key events, you should be configuring that on the > server, not > the > viewer, since there is no way for the viewer to bypass your server > configuration. > > Regards, > > Wez @ RealVNC Ltd. > > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On > Behalf Of Erik Soderquist > Sent: 28 April 2005 19:26 > To: Alvord, Tim; [email protected] > Subject: RE: Disabling the Options button in the Connection Details > dialog > > > personally, we use preconfigured config files for the machines we > connect > to. (we are using version 3.3.7) I've included a sample here, the > "restricted=1" line disables changes while the viewer is running. this > also > connects without prompting for a host name or password. the > password is > store in some kind of encrypted form, so unless the user knows the > password > already, or can crack the hashed version here, the user has no choice > but to > use the config file to connect. in this example, the hash here is for > the > word 'temp' as the password. > > ---begin copied text--- > > [connection] > host=host.domain.com > port=5900 > password=d54129f271951014 > [options] > use_encoding_0=1 > use_encoding_1=1 > use_encoding_2=1 > use_encoding_3=0 > use_encoding_4=1 > use_encoding_5=1 > use_encoding_6=0 > use_encoding_7=0 > use_encoding_8=0 > use_encoding_9=0 > use_encoding_10=0 > use_encoding_11=0 > use_encoding_12=0 > use_encoding_13=0 > use_encoding_14=0 > use_encoding_15=0 > use_encoding_16=1 > preferred_encoding=5 > restricted=1 > viewonly=1 > fullscreen=0 > autoDetect=1 > 8bit=0 > shared=1 > swapmouse=0 > belldeiconify=1 > emulate3=1 > emulate3timeout=100 > emulate3fuzz=4 > disableclipboard=1 > localcursor=1 > scale_num=1 > scale_den=1 > > ---end copied text--- > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On > Behalf Of Alvord, Tim > Sent: Friday, April 15, 2005 14:22 > To: [email protected] > Subject: Disabling the Options button in the Connection Details dialog > > Is there a way to disabling the Options button in the > Connection Details > dialog? I currently launch the viewer from the command line > as follows: > > C:\WINDOWS\Desktop\Viewer.exe SendPointerEvents=0 SendKeyEvents=0 > MenuKey= > > and I would prefer the user not be able to change these options simply > by > clicking on the Options button in the Connection Details dialog. Any > ideas? > > Tim Alvord > Software Engineer > > > > -------------------------------------------------------------- > ---------- > ------------------------------------ > ****Effective January 1, 2005, Kavlico Corporation's street name has > been > changed from Los Angeles Avenue to Princeton Avenue in compliance with > the > current requirements established by the City of Moorpark. Our new > address > is 14501 Princeton Avenue. Please note that we have not physically > relocated > or moved, our Zip Code will remain the same, and we request that you > communicate this address change to all appropriate departments and > personnel.**** > > > -------------------------------------------------------------- > ---------- > ------------------------------------ > TRANSMITTAL OF PROPRIETARY MATERIAL: The information contained in this > document is proprietary to Kavlico, transmitted solely to the > recipient > for > the transaction of business between the recipient and Kavlico. Receipt > or > possession confers no interest in, nor right to use the design > information > in whole or part except as required in connection with business > transactions > between Kavlico Corporation and the recipient. Recipient may > not copy, > reproduce, transmit or disclose any information contained hereon to > others > without express permission of Kavlico. If you have received this > document in > error, please notify us immediately and destroy the document. > -------------------------------------------------------------- > ---------- > ------------------------------------ > _______________________________________________ > VNC-List mailing list > [email protected] > To remove yourself from the list visit: > http://www.realvnc.com/mailman/listinfo/vnc-list > _______________________________________________ > VNC-List mailing list > [email protected] > To remove yourself from the list visit: > http://www.realvnc.com/mailman/listinfo/vnc-list _______________________________________________ VNC-List mailing list [email protected] To remove yourself from the list visit: http://www.realvnc.com/mailman/listinfo/vnc-list
