IUBio

GCG Package!

Tim Cutts timc at chiark.greenend.org.uk
Fri Mar 19 06:12:19 EST 1999


In article <36F21504.2B1ECE31 at uni-duesseldorf.de>,
Hans-Peter Schmitz  <schmitzh at uni-duesseldorf.de> wrote:
>Tim Cutts wrote:
>
>> 
>> Most of these things I can live with except for the security issue.
>> Unfortunately this is not a problem limited to the makers of MI/X.
>> Both eXodus and MacX have a similarly lax attitude to security.  Why
>> can't commercial software manufacturers take security seriously?  Even
>> eXceed defaults to letting the entire Internet access your screen,
>> although at least in that case you can configure the program to be a
>> bit more sane.
>> 
>> Tim.
>
>You can make things more secure using SSH! I'm running Seqlab using MI/X
>and the free SSH Client from Cedomir Igaly which does X11 forwarding.
>Doing so you can get both - encryption and compression of the data.
>For the users in our lab which are all used to Windows Applications this
>seemed to be the easiest solution.

ssh does *not* solve the problem.

People can no longer snoop on the X connection itself, true, but they
can still connect to your main display and take snapshots of what's on
your screen.

MI/X on machine A.  SSH from machine A to machine B, where you run
SeqLab.

Machine B has a DISPLAY variable of B:10.0, or something like that.

Now log onto another machine, C.

On C, type:

xwd -root -display A:0.0 -out screen.dump

or set your DISPLAY variable to A:0.0 and run any client you like.

Oops!  You can still get an image of the X server even though the user
is using SSH.

This is because ssh only protects the TCP connection between the ssh
daemon itself and the X client.  It does *nothing* to protect access
to the X server itself.  If you think it does, then you have given
your users a false sense of security.

Tim.
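
A defender-side check for the situation described in this post, as an added example that is not part of the original message: it classifies captured `xhost` output and a listening-socket table to tell whether an X server accepts TCP clients from any host, independent of any ssh tunnel. The function names are hypothetical, the sample outputs are constructed, and the socket table is assumed to be in Linux `ss -ltn` format.

```shell
#!/bin/sh
# Added example: audit X server exposure from captured command output.
# Live use (assumption: run where both commands exist):
#   audit "$(xhost)" "$(ss -ltn)"

# Print "open" if host-based access control is off, "hostlist" if remote
# hosts are allowed by address, "restricted" otherwise.
xhost_state() {
  printf '%s\n' "$1" | awk '
    /^access control disabled/ { open = 1 }
    /^INET6?:/                 { hosts++ }
    END { if (open) print "open"
          else if (hosts) print "hostlist"
          else print "restricted" }'
}

# Print non-loopback listeners on X11 display ports (6000-6063).
# ssh-forwarded displays such as :10 bind to loopback and are skipped.
x11_tcp_exposed() {
  printf '%s\n' "$1" | awk '
    $1 == "LISTEN" {
      addr = $4; n = split(addr, p, ":"); port = p[n] + 0
      host = substr(addr, 1, length(addr) - length(p[n]) - 1)
      if (port >= 6000 && port <= 6063 &&
          host != "127.0.0.1" && host != "[::1]") print addr
    }'
}

# FAIL: reachable over TCP and no access control at all.
# WARN: reachable over TCP, access decided by source address only.
# OK:   not reachable over TCP, or no host-based entries.
audit() {
  state=$(xhost_state "$1"); exposed=$(x11_tcp_exposed "$2")
  if [ -n "$exposed" ] && [ "$state" = "open" ]; then echo "FAIL"
  elif [ -n "$exposed" ] && [ "$state" = "hostlist" ]; then echo "WARN"
  else echo "OK"; fi
}

# Constructed sample data (not captured from any real system).
SAMPLE_XHOST_OPEN='access control disabled, clients can connect from any host'
SAMPLE_XHOST_LOCKED='access control enabled, only authorized clients can connect
SI:localuser:alice'
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      128    0.0.0.0:6000       0.0.0.0:*
LISTEN 0      128    127.0.0.1:6010     0.0.0.0:*'

audit "$SAMPLE_XHOST_OPEN" "$SAMPLE_SS"
```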





More information about the Bio-soft mailing list