Hi,
> Agreed. The target of this patch is however not people who know that
> they want security, but rather people who don't know it :-). Ie.
> people who just run things with their default settings and stop as
> soon as it seems to work, without conideration for security.
I have my doubts this
On Tue, Jun 7, 2016 at 12:24 PM, Daniel P. Berrange wrote:
> On Tue, Jun 07, 2016 at 12:13:06PM +0300, Attila-Mihaly Balazs wrote:
>> To improve the security of the embedded VNC server make password
>> based authentication the default when no authentication mechanism
>> is specified.
>
> VNC passw
On Tue, Jun 07, 2016 at 12:13:06PM +0300, Attila-Mihaly Balazs wrote:
> To improve the security of the embedded VNC server make password
> based authentication the default when no authentication mechanism
> is specified.
VNC password authentication offers no meaningful level of security,
so this i
To improve the security of the embedded VNC server make password
based authentication the default when no authentication mechanism
is specified.
If you really want to use "no authentication", a new authentication
option called "insecure" is introduced which needs to be explicitly
specified.
Note:
