Therefore, it??™s important to ensure that
only authorized clients can connect and perform certain operations.
Privacy
Even if data can??™t be snooped on-screen, raw X protocol traffic can be captured
on the network and analyzed to re-create the screen image (and user actions).
Some form of encryption must be employed to circumvent this danger.
Many different programs, protocols, and techniques have been developed to address
these issues, with varying degrees of success. In the remainder of this chapter, we??™ll
examine a number of remote display techniques in the light of these three challenges.
13.8 Host-Based Access Control
You can allow or disallow client connections based on the IP address of the client??™s
host. The xhost program manages host-based access control.
Running xhost by itself displays the current status:
blue$ xhost
access control enabled, only authorized clients can connect
The output indicates that host-based control is active, but since no hosts are listed,
no hosts are authorized to connect.
You can grant access to a host by IP address or by name (which must resolve to an IP
address), using the + symbol:
blue$ xhost +red
red being added to access control list
blue$ xhost +172.
Pages:
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282