RE: [Xen-devel] [PATCH] vnclisten for HVM vnc

To: "Daniel P. Berrange" <berrange@xxxxxxxxxx>, "Jeremy Katz" <katzj@xxxxxxxxxx>
Subject: RE: [Xen-devel] [PATCH] vnclisten for HVM vnc
From: "Ian Pratt" <m+Ian.Pratt@xxxxxxxxxxxx>
Date: Wed, 27 Sep 2006 21:40:57 +0100
Cc: xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxx>

> > > IMHO, we should only listen on 127.0.0.1 by default - particularly since
> > > the Xen 3.0.3 release isn't going to have password authentication on the
> > > VNC servers yet :-(   It'll be all too easy for someone to turn on VNC
> > > in the guest config & not realize they just opened themselves up to any
> > > person on the network by default. That kind of default insecure behaviour
> > > is best left in the Windows world
> >
> > I don't necessarily disagree, but changing the semantics like that felt
> > a little bit ugly to me -- it definitely leads to a case where going
> > from 3.0.2 -> 3.0.3 would break configurations users were actively
> > using.
>
> It is a painful problem I agree, but I think the security benefit is worth
> the pain of breaking users' existing configs. It's not a difficult task for
> users to re-enable the wide-open-to-anyone config if they really do need
> it.

I agree too: we should listen on 127.0.0.1 by default.

Ian
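
An added example, not part of the original message or of the patch under discussion: a small audit that reports which guest configs end up with a network-reachable VNC server under a given toolstack default, which is the check an administrator would run before and after the default changes. It assumes xm-style guest configs written as Python assignments with top-level `vnc` and `vnclisten` keys; the `default_listen` parameter and the sample configs are constructed for illustration.

```python
import ast
import ipaddress

# Constructed sample guest configs (xm-style, Python assignment syntax).
SAMPLE_CONFIGS = {
    "hvm-a.cfg": 'builder = "hvm"\nvnc = 1\n',
    "hvm-b.cfg": 'builder = "hvm"\nvnc = 1\nvnclisten = "0.0.0.0"\n',
    "hvm-c.cfg": 'builder = "hvm"\nvnc = 1\nvnclisten = "127.0.0.1"\n',
    "hvm-d.cfg": 'builder = "hvm"\nvnc = 0\nvnclisten = "0.0.0.0"\n',
}


def parse_settings(text):
    """Collect top-level `name = literal` assignments without executing the file."""
    settings = {}
    for node in ast.parse(text).body:
        if (isinstance(node, ast.Assign) and len(node.targets) == 1
                and isinstance(node.targets[0], ast.Name)):
            try:
                settings[node.targets[0].id] = ast.literal_eval(node.value)
            except (ValueError, TypeError):
                pass  # non-literal expression: skip it rather than evaluate it
    return settings


def is_loopback(addr):
    """True for loopback IP literals and the name 'localhost'; other names count as exposed."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return addr == "localhost"


def audit(configs, default_listen):
    """Return {filename: effective listen address} for guests with network-reachable VNC."""
    exposed = {}
    for name, text in configs.items():
        settings = parse_settings(text)
        if not settings.get("vnc"):
            continue  # VNC disabled, so vnclisten has no effect
        listen = settings.get("vnclisten") or default_listen
        if not is_loopback(listen):
            exposed[name] = listen
    return exposed


if __name__ == "__main__":
    for default in ("0.0.0.0", "127.0.0.1"):  # wide-open default vs. loopback default
        print(default, audit(SAMPLE_CONFIGS, default))
```

With a loopback default only the config that explicitly sets `vnclisten = "0.0.0.0"` is reported, so exposure becomes an explicit opt-in rather than a side effect of enabling VNC.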




