qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH 2/3] vnc: support password expire

From: Gerd Hoffmann
Subject: Re: [Qemu-devel] [PATCH 2/3] vnc: support password expire
Date: Tue, 09 Nov 2010 14:42:08 +0100
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.9) Gecko/20100827 Red Hat/3.1.3-1.el6 Thunderbird/3.1.3 
On 11/02/10 12:15, Gerd Hoffmann wrote:

  Hi,


How does password expiration help with security at all?


VNC passwords are obviously rather weak, so if you can limit
the time the password is valid to the window in which you
are expecting the incoming VNC connection this limits the
time to attack the VNC password. A mgmt tool could do

- Set a VNC password
- Open the VNC connection
- Clear the VNC password

If anything goes wrong in the mgmt tool at step 2 though,
then it may never to step 3, leaving the VNC server accessible.
If it had set a password expiry at step 1, it would have a
safety net that guarentees the password will be invalid after
'n' seconds, even if not explicitly cleared. Given how little
code this is in QEMU, I think it is a worthwhile feature.


Anthony? Do you agree? If so I have a updated tree to pull from for you
(rebased to latest master, added sign-offs, otherwise unmodified).


[ ... ]


are available in the git repository at:
git://anongit.freedesktop.org/spice/qemu passwd.2


Ping?  What is the status here?

cheers,
  Gerd
reply via email to
[Prev in Thread] Current Thread [Next in Thread]