That's not true. I think the SECURITY extension provides facilities to restrict the things applications can do to the X server. Check more on that, google for more info. El mar, 28-12-2004 a las 13:48 -0500, Jack Dodds escribiÃ: > Paul, > > Thanks for pointing me at this - it's just at the level that I can grasp. > > It seems that X has facilities to keep unwanted users from connecting - > but a user that is connected has complete access. So my project of > allowing a hostile user to put a window on my desktop cannot be done safely. > > This seems like an oversight on the part of the designers of X. > > I can see one possible (but work-intensive) solution. This would be to > have an X proxy program which would maintain a virtual > screen/mouse/keyboard that contained only the hostile user's window. > The hostile user would communicate with the proxy, and the proxy would > filter the information from the actual screen/mouse/keyboard e.g. so > that mouse and keyboard events would be passed on only when the hostile > user's window had the focus. The proxy could even put a warning border > around the hostile user's window when displaying it on the actual screen. > > A little beyond my abilities at the moment, unfortunately. > > > Paul Smith wrote: > > >One page I found in about 2 seconds by giving "X windows security" to > >Google is: > > > > http://bau2.uibk.ac.at/matic/ccxsec.htm > > > >A client can get a complete screendump (that's what the > >snapshot program does for example), and it can also see every keypress > >that goes through the server. > > > > _______________________________________________ > gnome-list mailing list > gnome-list@xxxxxxxxx > http://mail.gnome.org/mailman/listinfo/gnome-list -- Manuel Amador <rudd-o@xxxxxxxxxxxxxx> Amauta _______________________________________________ gnome-list mailing list gnome-list@xxxxxxxxx http://mail.gnome.org/mailman/listinfo/gnome-list