[TriLUG] running X at the server console

Tanner Lovelace lovelace at wayfarer.org
Wed Jan 16 21:47:17 EST 2002 

On Wed, 2002-01-16 at 18:54, Christian J Hedemark wrote:
> Tanner,
> 
> We're probably attacking the angle from different angles.  My professional
> experience has been mostly in environments where you have a big
> multiprocessor UNIX box, and a bunch of (essentially) X terminals providing
> GUI access to these big hosts.  Asking the users to run a locked down UNIX
> distribution on their desktop, using ssh to get in, etc. is too convoluted
> for real world use for most people.
> 
> If you're running a web server or something like that, yes, I agree this
> would be inappropriate.  But in the case of the more traditional use of
> large UNIX hosts, this is the only practical solution.  I doubt X11
> standards are under any further development right now, but if they were
> maybe they ought to consider using some sort of SSL encryption on X windows
> traffic (if both sides supported it of course).

Chris,

I believe you are completely correct.  I think the main problem is
that the word "server" is overloaded.  You really need to specify
an adjective with it. Is it a mail server?  A web server?  An X
server?  For something that needs to be located on the outside
of a firewall like a mail or web server, I believe it is a bad
idea to run X, especially with remote logins enabled.  For a 
machine meant to act as an X server, however, you are completely
correct.  X must be on, or you don't have a server. :-)  People
need to understand, however, that such a server should most
definitely be located *behind* some sort of firewall and should
not be directly on the Internet.

This is certainly a valid form of securing a network.  When I worked 
at SGI the most interesting thing about it was that no one used
any kinds of passwords.  This made it easy for people to work 
together and pretty much removed any incentive for insiders to
hack co-workers computers.  The flip side of this was that their
network border security was phenomenal!  It had to be, because
if anyone got in, everything was wide open.

Tanner
-- 
Tanner Lovelace | lovelace at wayfarer.org | http://wtl.wayfarer.org/
--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--
GPG Fingerprint = A66C 8660 924F 5F8C 71DA  BDD0 CE09 4F8E DE76 39D4
GPG Key can be found at http://wtl.wayfarer.org/lovelace.gpg.asc
--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--
 Those who are willing to sacrifice essential liberties for a little 
 order, will lose both and deserve neither.  --  Benjamin Franklin 

 History teaches that grave threats to liberty often come in times
 of urgency, when constitutional rights seem too extravagant to 
 endure.  --  Justice Thurgood Marshall, 1989 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
URL: <http://www.trilug.org/pipermail/trilug/attachments/20020116/6570e758/attachment.pgp>

More information about the TriLUG mailing list