15.3 Host Access and Security

Once an application successfully connects to a server, X does not provide any protection from unauthorized access to individual windows, pixmaps, or other resources. If a program succeeds in connecting with a server and finds out a resource ID, it can manipulate or even destroy the resource.

There are several kinds of security that can prevent connections from being made by clients running on other machines. First, to provide a minimal level of protection, connections are only permitted from machines which are listed on a host access list. This is adequate on single-user workstations but obviously breaks down on machines running more than one server.

In X11R4, per-user control was added with the MIT-MAGIC-COOKIE-1 mechanism. MIT-MAGIC-COOKIE-1 is not too secure, however, because it passes its secret key (“cookie”) between client and server without encryption.
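
The cleartext exposure described above is visible in the layout of the client's first message. The following C code is an added example, not code from this book or the MIT release: it parses the connection setup request as laid out in the X protocol specification and reports whether a MIT-MAGIC-COOKIE-1 secret is carried verbatim. The function names and the sample bytes (with a placeholder cookie) are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Authorization fields of an X11 connection setup request (X protocol spec). */
struct x11_auth {
    const uint8_t *name; uint16_t name_len;   /* authorization-protocol-name */
    const uint8_t *data; uint16_t data_len;   /* authorization-protocol-data */
};
static uint16_t rd16(const uint8_t *p, int be) {
    return be ? (uint16_t)(p[0] << 8 | p[1]) : (uint16_t)(p[1] << 8 | p[0]);
}
static size_t pad4(size_t n) { return (n + 3) & ~(size_t)3; }

/* Parse a client's first message; 0 on success, -1 if malformed or truncated. */
int x11_parse_setup(const uint8_t *buf, size_t len, struct x11_auth *out) {
    int be;
    if (len < 12) return -1;                        /* fixed header is 12 bytes */
    if (buf[0] == 'B') be = 1;                      /* 0x42: MSB first */
    else if (buf[0] == 'l') be = 0;                 /* 0x6C: LSB first */
    else return -1;
    if (rd16(buf + 2, be) != 11) return -1;         /* protocol-major-version */
    out->name_len = rd16(buf + 6, be);
    out->data_len = rd16(buf + 8, be);
    size_t data_off = 12 + pad4(out->name_len);     /* name is padded to 4 bytes */
    if (data_off + out->data_len > len) return -1;  /* lengths exceed the buffer */
    out->name = buf + 12;
    out->data = buf + data_off;
    return 0;
}

/* 1 if the message carries a MIT-MAGIC-COOKIE-1 secret verbatim, else 0. */
int x11_cookie_in_clear(const uint8_t *buf, size_t len) {
    static const char scheme[] = "MIT-MAGIC-COOKIE-1";
    struct x11_auth a;
    if (x11_parse_setup(buf, len, &a) != 0) return 0;
    return a.name_len == sizeof scheme - 1 && a.data_len > 0 &&
           memcmp(a.name, scheme, a.name_len) == 0;
}

/* Constructed sample: LSB-first request, 18-byte name + 2 pad, 16-byte placeholder cookie. */
static const uint8_t sample_setup[48] = {
    'l', 0, 11, 0, 0, 0, 18, 0, 16, 0, 0, 0,
    'M','I','T','-','M','A','G','I','C','-','C','O','O','K','I','E','-','1', 0, 0,
    0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA,0xAA };
int main(void) {
    printf("cookie readable on the wire: %d\n",
           x11_cookie_in_clear(sample_setup, sizeof sample_setup));
    return 0;
}
```

Because the authorization data sits at a fixed, unencrypted position in the first bytes the client sends, the same check can be used to find clients that still send cookies over a link that is not otherwise protected.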

X11R5 defines, and the MIT release implements, two new mechanisms that can be used for secure access control. XDM-AUTHORIZATION-1 is similar to MIT-MAGIC-COOKIE-1, but uses DES (Data Encryption Standard) encryption to encrypt the authorization data that is passed between client and server. To compile this authorization scheme, you need an implementation of DES in the file mit/lib/Xdmcp/Wraphelp.c. Due to U.S. export regulations, this file may not appear in your distribution. If you do not plan to export the file outside of the U.S., you may legally obtain it over the network from the X Consortium. Ftp to the ...
