Security and Inter-Language Considerations

Tcl and Perl take slightly different approaches to send security, and it's instructive to talk about each. Both require xauth server authentication, which essentially limits connections to the X server to trusted individuals on trusted hosts. Although xauth details vary, the basic idea is that a random key is generated for every X session, and an application must present this key to the X server before it's granted permission to connect to the display. The key, referred to as a magic cookie, is often stored in the file .Xauthority in your home directory. Only you can read the file, and your local X clients grab the key from there. Before other users or machines can access the display, you must explicitly give them the key, perhaps by providing them with a copy of your authorization file. But remember, if the key you loan to a friend falls into enemy hands, your machine can be hacked with deadly efficiency. If you suspect xauth authentication has been compromised, start a new X session, so the cookie changes.

Many modern X environments automatically initialize and use xauth authentication, and ssh (the secure shell) propagates this information automatically, so life is easy. But there are still lots of people using xhost authentication, and with it send will just not work. Rightly so, because, as its name implies, this mechanism only limits access to a list of hosts, and any process on those computers can connect to your display. ...
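A defender-side check for the distinction drawn above, as an added example that is not from the book: it classifies `xhost` output as open, host-list, user-list or cookie-only, and verifies that the cookie file is readable only by its owner. The function names and the `--live` switch are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: audit whether an X display relies on cookies (xauth) or on
# a host list (xhost). Function names are hypothetical.

# Read `xhost` output on stdin and print one verdict:
#   open        access control is off, any client anywhere may connect
#   host-list   whole hosts are trusted, so any process on them gets in
#   user-list   only server-interpreted (SI:) entries, e.g. SI:localuser:alice
#   cookie-only no list entries, clients must present the magic cookie
classify_xhost() {
    awk '
        /^access control disabled/ { off = 1; next }
        /^access control enabled/  { next }
        /^SI:/                     { si++; next }
        NF                         { hosts++ }   # INET:, INET6:, LOCAL:, ...
        END {
            if (off)        print "open"
            else if (hosts) print "host-list"
            else if (si)    print "user-list"
            else            print "cookie-only"
        }'
}

# Succeed only if the cookie file exists and group/other have no access.
cookie_file_private() {
    [ -f "$1" ] || return 2
    perms=$(ls -ld "$1" | cut -c5-10)   # group and other permission bits
    [ "$perms" = "------" ]
}

# Run both checks against the live session (needs DISPLAY and xhost).
audit_display() {
    cookie=${XAUTHORITY:-$HOME/.Xauthority}
    verdict=$(xhost | classify_xhost) || return 1
    echo "access control: $verdict"
    if cookie_file_private "$cookie"; then
        echo "cookie file $cookie: private"
    else
        echo "cookie file $cookie: missing or readable by others"
    fi
    [ "$verdict" = "cookie-only" ]
}

# Only touch the X server when asked to: sh audit.sh --live
if [ "${1:-}" = "--live" ]; then
    audit_display
fi
```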
