You can try a kind of two level security without any code changes by
simply using two servers in a master-slave arrangement. We use this
technique to export view only copies of our control room applications.
Here's how it could work for you: the presenter controls one Vnc server
- the "master". The audience connects to the "slave" Vnc server using
the advertised password. On the slave server you run vncviewer full
screen, displaying a view-only copy of the master Vnc server. Now your
presenter can operate the display, watched by an audience which can only
look without touching.
Okay, so you cannot stop someone killing the vncviewer in the middle
(F8-> menu->Send F8->Quit), but presumably you trust your community
since you gave them the slave password.
A further advantage is that the load due to many viewers is borne at the
slave.
> >Unfortunately, VNC does not really support any kind of (enforced)
> >seperation of these two kinds of users. The underlying issue, from a
> >security standpoint, is that VNC doesn't differentiate between
> >authentication and authorization: if you authenticate at all, you're
> >authorized (as far as VNC is concerned) to do whatever you want on the
> >server. From a security standpoint, it'd be useful to see
> >segmentation between the "view" mode and the "modify" mode (where your
> >input is actually processed by the server).
>
> I've thought about this issue as well - VNC needs a better security system,
> quite badly. It's perfectly possible for the VNC server to differentiate
> between two passwords, and disable all input controls for the alternate
> password. However, I don't know of any server which actually does this. I
> also agree that this would be a useful feature.
--
Regards, Mark.
---------------------------------------------------------------------
To unsubscribe, send a message with the line: unsubscribe vnc-list
to [EMAIL PROTECTED]
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------
