Hi ----- Original Message ----- > Hi, > > >>>>> > >>>>> I don't see much alternative. Do you a other proposal? > >>>>> > >>>> > >>>> I think my use case simply requires the ability to pass the pass word in > >>>> a way that cannot be intercepted by any kind of hook; whether it be > >>>> wireshark, or an inotify hook. A unix domain socket that can receive > >>>> the password would suffice, I believe. > >>> > >>> Do you use virt-viewer or other Spice client? Are you a direct user of > >>> spice-controller? > >> > >> We set SPICE_XPI_SOCKET to a unix domain socket and then invoke: > >> remote-viewer --spice-controller > >> and then instruct remote-viewer to connect using a password we > >> ostensibly transmit in a secure fashion. > >> > >> I just reviewed the code again; and we don't use any other features of > >> the XPI conversation; the only material thing we can't do if you remove > >> this code is transmit the password. > >> > >>> > >>> I think we should try to solve this at the virt-viewer level, and move > >>> the > >>> discussion to virt-tools list. > >>> > > > > I guess a DBus interface could work equally well in this case? > > > > I'm not enough of an expert in DBus to say for sure, but I don't think > so. One of the issues is that we need the communicated password to be > secure; can't you eavesdrop on a dbus channel with tools like dbus-monitor? > Yes, you can, but you can also strace/attach a process reading from a unix socket. _______________________________________________ Spice-devel mailing list Spice-devel@xxxxxxxxxxxxxxxxxxxxx https://lists.freedesktop.org/mailman/listinfo/spice-devel