klas@nada.kth.se (Klas Heggemann) (09/09/88)
NeWS users must be aware of the possiblilty to 'eavesdrop' their work using e g journal.ps. I tried to record, as user nobody, what was going on. It was really easy to check everything I did, including the password for su-sessions!! Anybody can use the journaling while you use NeWS for you daily work. They just log in on your machine and use psh to talk to the NeWS-server (which they may do since the localhost is in the newshost-list). I also noticed that a playback of a session may not really play what happend. Instead it plays the events, which may really do something else then when you recorded it. E g I zapped a window while recording a session. Doing a playback resulted in a choice in the rootmenu instead of the window frame menu, a choice that lead to the destruction of all windows!!