
List:       kmail-devel
Subject:    Re: vnc url support
From:       Tim Jansen <tim () tjansen ! de>
Date:       2002-06-16 19:38:35

On Sunday 16 June 2002 20:37, Marc Mutz wrote:
> Hmm, there's a reason why only mailto/ftp(s)/http(s) URLs are
> highlighted. Esp. file:// can be nasty. Please provide a more detailed
> review of the security implications of this patch.

krdc (Remote Desktop Connection, a VNC client) is installed as a helper for 
the vnc protocol. So if somebody clicks on the URL and krdc is installed, it 
will be started with the given URL. If krdc is not installed, nothing happens, 
as there is no other VNC client that installs the protocol correctly; the 
user gets an error message "protocol not supported". 

krfb, the VNC server, has the capability to create invitations. The main use 
case is to allow an inexperienced user to let a more experienced 
friend/administrator see and possibly control the user's desktop. The most 
convenient way to send an invitation right now is to send it as an email. 
krfb will then start a kmail message composing window with a pre-written 
email containing the user's IP, port and a session password. 

Security measures for (email) invitations in krfb are: 
- before the user sends an invitation via email she is warned to encrypt that 
mail or at least send it over a secure network (e.g. company network) and not 
over the Internet. She is also told of the security implications. 
- session passwords are randomly generated, only valid for one connection and 
expire after one hour
- when the client connects to the server, a prominent dialog appears on the 
server side, showing the client's IP, and asks whether the user really wants 
that client to connect (this is done after accepting the TCP connection, 
but before reading or sending any data from/to the client)
- the default lets the client view the server's desktop, but not control it. 
This requires a selected check box in the connection dialog or a click in 
krfb's system tray popup menu

bye...






_______________________________________________
KMail Developers mailing list
kmail@mail.kde.org
http://mail.kde.org/mailman/listinfo/kmail
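
The invitation rules listed in the message above (random password, valid for one connection, one-hour expiry, user confirmation before any client data is read, view-only unless control is explicitly granted), sketched as an added example that is not part of the original mail and is not krfb's code. The names InvitationStore, admit and Access, the 12-character password length and the alphabet are assumptions made for illustration.

```cpp
#include <chrono>
#include <cstddef>
#include <map>
#include <random>
#include <string>

using Clock = std::chrono::steady_clock;
enum class Access { Denied, ViewOnly, Control };

class InvitationStore {  // hypothetical name, not a krfb class
public:
    // Issue a random session password that expires one hour after `now`.
    std::string issue(Clock::time_point now) {
        static const char alphabet[] = "abcdefghijkmnpqrstuvwxyz23456789";
        std::random_device rd;  // assumption: backed by the OS random source
        std::uniform_int_distribution<std::size_t> pick(0, sizeof(alphabet) - 2);
        std::string pw;
        for (int i = 0; i < 12; ++i) pw += alphabet[pick(rd)];
        expiry_[pw] = now + std::chrono::hours(1);
        return pw;
    }
    // A password is accepted at most once, and only before its expiry.
    bool redeem(const std::string& offered, Clock::time_point now) {
        for (auto it = expiry_.begin(); it != expiry_.end(); ++it) {
            if (!sameBytes(it->first, offered)) continue;
            const bool ok = now < it->second;
            expiry_.erase(it);  // used or expired: never valid again
            return ok;
        }
        return false;
    }
private:
    // Compare without stopping at the first differing byte.
    static bool sameBytes(const std::string& a, const std::string& b) {
        unsigned diff = a.size() == b.size() ? 0u : 1u;
        for (std::size_t i = 0; i < a.size() && i < b.size(); ++i)
            diff |= static_cast<unsigned char>(a[i]) ^ static_cast<unsigned char>(b[i]);
        return diff == 0;
    }
    std::map<std::string, Clock::time_point> expiry_;
};

// Order from the mail: the user confirms the peer before any password is read.
Access admit(InvitationStore& store, bool userAccepts, bool allowControl,
             const std::string& offered, Clock::time_point now) {
    if (!userAccepts) return Access::Denied;  // the invitation is not consumed
    if (!store.redeem(offered, now)) return Access::Denied;
    return allowControl ? Access::Control : Access::ViewOnly;  // view-only by default
}
```

The clock value is passed in rather than read inside the class so that the expiry rule can be exercised without waiting an hour.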