All of lore.kernel.org
 help / color / mirror / Atom feed
From: "Daniel P. Berrange" <berrange@redhat.com>
To: Attila-Mihaly Balazs <dify.ltd@gmail.com>
Cc: qemu-devel@nongnu.org, kraxel@redhat.com
Subject: Re: [Qemu-devel] [PATCH] Make password based authentication the default for VNC
Date: Tue, 7 Jun 2016 10:24:43 +0100	[thread overview]
Message-ID: <20160607092443.GB20196@redhat.com> (raw)
In-Reply-To: <CAOqyLXj2KizZN=PAT2hukWoTGD+vc=5TrAJFH05q4zWyZdXjdg@mail.gmail.com>

On Tue, Jun 07, 2016 at 12:13:06PM +0300, Attila-Mihaly Balazs wrote:
> To improve the security of the embedded VNC server make password
> based authentication the default when no authentication mechanism
> is specified.

VNC password authentication offers no meaningful level of security,
so this is really just going to change long standing default behaviour
of QEMU VNC configuration without any real world benefit IMHO.

Anyone who actually wants credible real world security should be using
the TLS and/or SASL options to VNC, never the awful legacy passwd based
auth.

Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|

  reply	other threads:[~2016-06-07  9:24 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-06-07  9:13 [Qemu-devel] [PATCH] Make password based authentication the default for VNC Attila-Mihaly Balazs
2016-06-07  9:24 ` Daniel P. Berrange [this message]
2016-06-07 17:46   ` Attila-Mihaly Balazs
2016-06-07 20:35     ` Gerd Hoffmann

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20160607092443.GB20196@redhat.com \
    --to=berrange@redhat.com \
    --cc=dify.ltd@gmail.com \
    --cc=kraxel@redhat.com \
    --cc=qemu-devel@nongnu.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.