From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Daniel P. Berrange" Subject: Re: [PATCH] vnclisten for HVM vnc Date: Wed, 27 Sep 2006 20:42:02 +0100 Message-ID: <20060927194202.GP20056@redhat.com> References: <1157216132.2805.4.camel@aglarond.local> <1159385776.16252.17.camel@orodruin.boston.redhat.com> Reply-To: "Daniel P. Berrange" Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Return-path: Content-Disposition: inline In-Reply-To: <1159385776.16252.17.camel@orodruin.boston.redhat.com> List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , Sender: xen-devel-bounces@lists.xensource.com Errors-To: xen-devel-bounces@lists.xensource.com To: Jeremy Katz Cc: xen-devel List-Id: xen-devel@lists.xenproject.org On Wed, Sep 27, 2006 at 03:36:16PM -0400, Jeremy Katz wrote: > On Sat, 2006-09-02 at 12:55 -0400, Jeremy Katz wrote: > > Implement a 'vnclisten' option to limit the interface that the VNC > > server from qemu listens on. This leaves the default behavior as > > listening on all interfaces. > > > > Signed-off-by: Jeremy Katz > > danpb said something about this and it reminded me I never saw any > feedback.... Bueller? :-) IMHO, we should only listen on 127.0.0.1 by default - particularly since the Xen 3.0.3 release isn't going to have password authentication on the VNC servers yet :-( It'll be all too easy for someone to turn on VNC in the guest config & not realize they just opened themselves up to any person on the network by default. That kind of default insecure behaviour is best left in the Windows world Dan. -- |=- Red Hat, Engineering, Emerging Technologies, Boston. +1 978 392 2496 -=| |=- Perl modules: http://search.cpan.org/~danberr/ -=| |=- Projects: http://freshmeat.net/~danielpb/ -=| |=- GnuPG: 7D3B9505 F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 -=|