RE: [Xen-devel] [PATCH] vnclisten for HVM vnc
> > > IMHO, we should only listen on 127.0.0.1 by default - particularly since
> > > the Xen 3.0.3 release isn't going to have password authentication on the
> > > VNC servers yet :-( It'll be all too easy for someone to turn on VNC
> > > in the guest config & not realize they just opened themselves up to any
> > > person on the network by default. That kind of default insecure behaviour
> > > is best left in the Windows world
> >
> > I don't necessarily disagree, but changing the semantics like that felt
> > a little bit ugly to me -- it definitely leads to a case where going
> > from 3.0.2 -> 3.0.3 would break configurations users were actively
> > using.
>
> It is a painful problem I agree, but I think the security benefit is worth
> the pain of breaking users' existing configs. It's not a difficult task for
> users to re-enable the wide-open-to-anyone config if they really do need
> it.

I agree too: we should listen on 127.0.0.1 by default.

Ian

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel