Hi ----- Original Message ----- > On 06/14/2017 03:46 PM, Marc-André Lureau wrote: > > Hi Jeremy > > > > ----- Original Message ----- > >> On 06/14/2017 02:55 PM, marcandre.lureau@xxxxxxxxxx wrote: > >>> From: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx> > >>> > >>> The spice-controller was a small library to let NPAPI browser plugins > >>> communicate with the spice client. Due to usage of vala, the library > >>> could not promise ABI stability, and was also considerer a pretty > >>> poor implementation. > >>> > >>> Furthermore, major browser vendors began to phase out NPAPI support in > >>> 2013, and some would like to see it gone by the end of this > >>> year (realistically, it may not happen though). > >>> > >>> As an alternative, remote-viewer (the first class Spice client) > >>> learned to connect with a file of mime type application/x-virt-viewer, > >>> as early as February 2013 with v0.5.5. > >>> > >>> RFC as we may want to have another release with the controller, and > >>> announce it's the last one that will ship it - remote-viewer should > >>> follow with a similar announcement. > >> > >> The spice controller also provides the ability for an application to > >> securely pass a username and password in via the controller socket. > > > > The password should be a one time / short lived token when used with .vv > > file. > > And if it is sent over a network it should be sent over a secured mean > > (https for ex) > > > >> The use of a file would have potential risk vectors. Is there an option > >> to provide that facility? > > > > I don't see much alternative. Do you a other proposal? > > > > I think my use case simply requires the ability to pass the pass word in > a way that cannot be intercepted by any kind of hook; whether it be > wireshark, or an inotify hook. A unix domain socket that can receive > the password would suffice, I believe. Do you use virt-viewer or other Spice client? Are you a direct user of spice-controller? I think we should try to solve this at the virt-viewer level, and move the discussion to virt-tools list. _______________________________________________ Spice-devel mailing list Spice-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/spice-devel