Re: [vox-tech] Exporting displays
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [vox-tech] Exporting displays
On Thu, 17 Mar 2005, Karsten M. Self wrote:
> on Wed, Mar 16, 2005 at 10:42:41PM -0800, Mark K. Kim [censored] wrote:
[snip]
> > $xhost +
>
> BAD MARK. NO DONUT. OR COOKIE.
Lols. In theory, you're right that it's a bad advice. In practice, it's
not a problem, especially for:
1. Brief connections.
2. Local/trusted connections.
3. Connection check before securing it.
One should always be aware of security issues, of course, which I briefly
touched upon and suggested using ssh instead for that reason. The MIT
magic cookie thing would be the next best thing but it's so convoluted
that nobody uses it.
BTW, John, you can add a hostname after the '+' sign to allow connections
only from that computer. Example:
$xhost +remote_host_ip_or_name
which would be the next next best thing to ssh -X and MIT magic cookie
thingy.
My autoshop teacher once told me that a good mechanic always uses the
correct wrench for the correct nut, so a good mechanic should never use
the monkey wrench (a.k.a. adjustable wrench.) But a good mechanic, he
added, would never be without a monkey wrench in his toolbox. `xhost +`
is one of those monkey wrenches for UNIX people, and it would always be
a tool I'd teach people along with `ssh -X`.
-Mark
--
Mark K. Kim
AIM: markus kimius
Homepage: http://www.cbreak.org/
Xanga: http://www.xanga.com/vindaci
Friendster: http://www.friendster.com/user.php?uid=13046
PGP key fingerprint: 7324 BACA 53AD E504 A76E 5167 6822 94F0 F298 5DCE
PGP key available on the homepage
_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech
|
