On Sun, Mar 16, 2003 at 03:07:17PM -0500, Andy Saxena wrote:
| Hi,
|
| I am trying to figure out a way to securely connect to the X server on
| my machine (the host machine) using a web browser.
|
| Tightvnc with java is very promising since I don't need any special
| software as the applet downloads from the host machine upon access
| through the browser.
|
| I don't know much about how java works, and i am trying to determine if
| the tightvnc applet is using a secure connection when it connects to
| port 59xx on the host.
No it doesn't. VNC implementations (and the protocol itself) have no
security built-in beyond the password.
| What are the security implications in this arrangement?
Someone with a packet sniffer can get your password, then all bets are
off.
What I do is first ssh to the server and use local port forwarding to
tunnel the VNC connection. Then all the VNC data (including the
password) is encrypted.
-D
--
Misfortune pursues the sinner,
but prosperity is the reward for the righteous.
Proverbs 13:21
http://dman.ddts.net/~dman/
Attachment:
pgpL6nfxRQW2L.pgp
Description: PGP signature