On Tue, 20 Apr 2010, Jon Price wrote: > How secure (or insecure) is it to NOT require X11 Authentication but > DO use ssh/X Forwarding? > > I have an application which works a lot easier if X11 Authentication > is disabled, though I'm still using ssh w. X11 Forwarding. > But would like to get an idea of the risks. If you use X11 without authentication, then anyone who can open an X-connection to your X-server (usually, just a 6000/tcp connection), can run a keylogger to grab all your keystrokes (search xquerykeymap for details). -- Regards, ASK
