From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from eggs.gnu.org ([2001:4830:134:3::10]:49846) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bADFk-0004t5-Bh for qemu-devel@nongnu.org; Tue, 07 Jun 2016 05:24:53 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bADFf-0001J2-JT for qemu-devel@nongnu.org; Tue, 07 Jun 2016 05:24:51 -0400 Received: from mx1.redhat.com ([209.132.183.28]:37430) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bADFf-0001In-EC for qemu-devel@nongnu.org; Tue, 07 Jun 2016 05:24:47 -0400 Date: Tue, 7 Jun 2016 10:24:43 +0100 From: "Daniel P. Berrange" Message-ID: <20160607092443.GB20196@redhat.com> Reply-To: "Daniel P. Berrange" References: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: Subject: Re: [Qemu-devel] [PATCH] Make password based authentication the default for VNC List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: Attila-Mihaly Balazs Cc: qemu-devel@nongnu.org, kraxel@redhat.com On Tue, Jun 07, 2016 at 12:13:06PM +0300, Attila-Mihaly Balazs wrote: > To improve the security of the embedded VNC server make password > based authentication the default when no authentication mechanism > is specified. VNC password authentication offers no meaningful level of security, so this is really just going to change long standing default behaviour of QEMU VNC configuration without any real world benefit IMHO. Anyone who actually wants credible real world security should be using the TLS and/or SASL options to VNC, never the awful legacy passwd based auth. Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|