Tyran,

Your "fix" requires that the "second password" is passed to the server in
the first place, so that it can decrypt the stored password in order to
verify the user.  This has the simple flaw that any user (even a
non-Administrator) can run a server which requests the password, uses it to
decrypt the stored one, and then has both...

The best solution for the sorts of environment you're describing is to
simply allow users to authenticate using their own logon credentials on
those systems, as is supported by VNC Enterprise Edition.  This removes the
need for separate VNC passwords, moving the onus for keeping passwords
secure to the operating system's existing password protection mechanisms.

Regards,

Wez @ RealVNC Ltd.


> -----Original Message-----
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of Tyran Ormond
> Sent: 19 October 2006 14:55
> To: James Weatherall
> Cc: [email protected]
> Subject: RE: personal edition: password visible?? 
> 
> On 02:18 PM 10/19/2006 +0100, it would appear that James 
> Weatherall wrote:
> >Tyran,
> >
> > > Regardless, if the current user can
> > > read the key, the current user has full access to the clear text
> > > password via SIW and likely other similar utilities.
> >
> >The current user can only read the relevant keys if they are a member of
> >the Administrators group, in which case they have complete access to your
> >system anyway.
> 
> True but you're missing the point I was making:  Group A are Domain 
> Admins and have access to all the machines across the network via 
> their own user account and via VNC.  Group B are part of the 
> Administrators Group on their own machines only (due to idiot 
> software that can only be run under an administrative account) and 
> have access restricted to only their machines and have no VNC access 
> to any machines.
> 
> I really don't care if Group B has full access to their own machines 
> but they simply can't have access to any other machines via 
> VNC.  However, if a company uses one VNC password for all machines 
> and the above scenario exists, then users in Group B have full VNC 
> access to any machine on the network.  As the one password for all 
> machines is likely a common scenario, pointing this situation out is 
> probably a good idea.
> 
> That being said, there is a simple fix for this:  Use different 
> passwords for those in Group B.  This requires a bit more work on the 
> part of Group A but then it simply does not matter whether Group B 
> knows the VNC passwords to their own machine.
> 
> There is also a simple (in theory) permanent fix.  Instead of simply 
> obfuscating the password in the registry, actually encrypt it.  When 
> a client connects, provide two passwords.  The first being the key to 
> decrypt the registry entry and the second being the actual VNC 
> password.  With such a scheme, it doesn't matter who can read that 
> registry entry because without the decryption key, the entry 
> is worthless.
> 
> 
> Tyran Ormond
> Programmer/LAN Administrator
> Central Valley Water Reclamation Facility
> [EMAIL PROTECTED]
> _______________________________________________
> VNC-List mailing list
> [email protected]
> To remove yourself from the list visit:
> http://www.realvnc.com/mailman/listinfo/vnc-list
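The "second password" scheme proposed in the quoted message, and the objection to it in the reply above, simulated as an added example. This is not RealVNC's code and does not reflect the real VNC authentication protocol or registry format: the stored entry, the PBKDF2/HMAC-based cipher, the honest and rogue server callables, and the sample secrets are all constructed for this illustration. The point it shows is the one made in the reply: because the client must hand the unlock passphrase to whatever server it connects to, anyone who can start a listener and read the stored entry recovers the VNC password, so the encryption protects nothing against the local Administrators it was meant to exclude.

```python
"""
Simulation of the 'encrypt the stored VNC password under a second password'
proposal, and of why it fails: the unlock passphrase has to be sent to the
server, so a rogue server run by anyone who can read the stored entry gets
both secrets.

Constructed example only: names, cipher construction and sample secrets are
assumptions, not RealVNC code or the real VNC registry format.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass


@dataclass(frozen=True)
class StoredEntry:
    """What the 'registry value' would hold under the proposed scheme."""
    salt: bytes
    nonce: bytes
    ciphertext: bytes


def _derive_key(unlock_pass: str, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256 turns the unlock passphrase into a 32-byte key.
    return hashlib.pbkdf2_hmac("sha256", unlock_pass.encode(), salt, 100_000)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter-mode keystream built from HMAC-SHA256 (illustrative construction).
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), "sha256").digest()
        counter += 1
    return out[:length]


def _xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))


def store_encrypted(vnc_pass: str, unlock_pass: str) -> StoredEntry:
    """Administrator writes the VNC password, encrypted under the unlock passphrase."""
    salt, nonce = os.urandom(16), os.urandom(16)
    key = _derive_key(unlock_pass, salt)
    plaintext = vnc_pass.encode()
    return StoredEntry(salt, nonce, _xor(plaintext, _keystream(key, nonce, len(plaintext))))


def recover_vnc_password(entry: StoredEntry, unlock_pass: str) -> str:
    """Anyone holding the entry and the unlock passphrase gets the VNC password back."""
    key = _derive_key(unlock_pass, entry.salt)
    plaintext = _xor(entry.ciphertext, _keystream(key, entry.nonce, len(entry.ciphertext)))
    return plaintext.decode(errors="replace")


def honest_server(entry: StoredEntry, unlock_pass: str, vnc_pass: str) -> bool:
    """The real server: decrypt the stored value, then compare it with what the client sent."""
    expected = recover_vnc_password(entry, unlock_pass)
    return hmac.compare_digest(expected.encode(), vnc_pass.encode())


class RogueServer:
    """A listener started by a local user who can read the entry (a machine Administrator)."""

    def __init__(self, entry: StoredEntry):
        self.entry = entry
        self.captured = None

    def __call__(self, unlock_pass: str, vnc_pass: str) -> bool:
        # The protocol makes the client send the unlock passphrase; that is all
        # the rogue needs to turn the readable registry entry into the password.
        self.captured = (unlock_pass, recover_vnc_password(self.entry, unlock_pass))
        return True  # answer 'ok' so the client sees nothing unusual


def client_connect(server, unlock_pass: str, vnc_pass: str) -> bool:
    """The client cannot tell which server it reached; it sends both values either way."""
    return server(unlock_pass, vnc_pass)


# Constructed sample secrets, written once by the 'Group A' administrator.
SAMPLE_VNC_PASS = "vnc-secret-1"
SAMPLE_UNLOCK = "unlock-me"
ENTRY = store_encrypted(SAMPLE_VNC_PASS, SAMPLE_UNLOCK)


def demo():
    """Returns (honest login succeeded, what the rogue server captured)."""
    ok = client_connect(lambda u, v: honest_server(ENTRY, u, v), SAMPLE_UNLOCK, SAMPLE_VNC_PASS)
    rogue = RogueServer(ENTRY)
    client_connect(rogue, SAMPLE_UNLOCK, SAMPLE_VNC_PASS)
    return ok, rogue.captured


if __name__ == "__main__":
    print(demo())
```

The honest server works as the proposal intends, and a wrong unlock passphrase or VNC password is rejected; but the rogue server, having received the same two values the client is obliged to send, ends the exchange holding the unlock passphrase and the decrypted VNC password. No choice of cipher changes that, which is why the reply points to operating-system credentials rather than a stronger way of storing a shared VNC password.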