peterson@SW.MCC.COM (James Peterson) (10/05/88)
Rich Berlin writes: > > In article <643@prlhp1.prl.philips.co.uk> Richard Cole writes: > > > > I get the following message on the server > > > > Network security violation: > > Rejected connection from yyyy > > > > where yyyy is the id of the mechine originating the message. > > ... To make machine yyyy a trusted > host, you must execute the command > > newshost add yyyy > > on machine xxxx. Another possibility is to modify the value of NetSecurityWanted in lib/NeWS/init.ps: /NetSecurityWanted false def % false if everyone is allowed to connect By default this variable is shipped as true. If it is true, then network security is used, as Rich described. When it is false, the entire process is ignored and any machine can access any other -- much easier in a trusted environment. (In theory, if NetSecurityWanted is false, an undergraduate with access to the Internet at Berkeley could pop windows up on a screen at Maryland, so you have to consider ALL machines that can access yours). jim
ron@ron.rutgers.edu (Ron Natalie) (10/06/88)
Worse than popping up windows, which is only annoying, they can execute UNIX commands through your interpretter with out you even noticing. -Ron
montnaro@sprite.steinmetz.ge.com (Skip Montanaro) (10/10/88)
James Peterson writes: Rich Berlin writes: > ... To make machine yyyy a trusted > host, you must execute the command > > newshost add yyyy > > on machine xxxx. Another possibility is to modify the value of NetSecurityWanted in lib/NeWS/init.ps: /NetSecurityWanted false def % false if everyone is allowed to connect Ay, Ay, Ay! Don't do this in /usr/NeWS/lib/NeWS/init.ps!!! You should not make the assumption that all users that access /usr/NeWS (possibly via NFS) want what little security exists to be disabled. Have the user execute the above line from his/her ~/user.ps Better yet, users should leave NetSecurityWanted true, then enable specific machines to communicate via lines like: RemoteHostRegistry /moose true put which allows client programs on "moose" to connect to my machine's server. -- Skip Montanaro (montanaro@sprite.steinmetz.ge.com, montanaro@ge-crd.arpa)