| Title: | DECWINDOWS 26-JAN-89 to 29-NOV-90 | 
| Notice: | See 1639.0 for VMS V5.3 kit; 2043.0 for 5.4 IFT kit | 
| Moderator: | STAR::VATNE | 
| Created: | Mon Oct 30 1989 | 
| Last Modified: | Mon Dec 31 1990 | 
| Last Successful Update: | Fri Jun 06 1997 | 
| Number of topics: | 3726 | 
| Total number of notes: | 19516 | 
Hi, We are involved in a big project requiring a high level of security, involving DECwindows on Workstations. The prime contractor in this project are proposing our workstations, and they have raised a number of questions regarding DECwin- dows security. They have not used DECwindows extensively, but have used the MIT release of X-windows on HP workstations. If replies to this question are not intended for general consumption, then feel free to mail me privately concerning this. Here are the questions : 1. Can Xevents be trapped by any client application on a given server ? 2. If arbitration of Xevents is done, then what is it done by ? The server's window manager or the server itself ? 3. What events pass through the window manager ? 4. Does the DECwindows clipboard use the standard X-11 Clipboard features ? 5. Where is the clipboard information held ? On the server ? 6. Is there access control on the data held in the clipboard ? Is there any detailed documentation on how the clipboard works ? Answers to these questions are pivotal to the success of this project and may be useful to us in further projects. I would be grateful for any information you have. Cheers. Mark Jeffery. Government Worksystem Specialist. UK.
| T.R | Title | User | Personal Name | Date | Lines | 
|---|---|---|---|---|---|
| 1365.1 | PSW::WINALSKI | Careful with that VAX, Eugene | Mon Sep 04 1989 21:20 | 33 | |
| >1. Can Xevents be trapped by any client application on a given server ? It is a general property of the X window system that if you have permission to connect to a server, then you have access to all of the resources on that server. You can get at any window, GC, pixmap, etc. if you know or can determine its resource ID. If I know a window's window ID, I can ask the server to notify me of events on that window, even if it's a window that another application created. >2. If arbitration of Xevents is done, then what is it done by ? The server's > window manager or the server itself ? As I understand it, both. The window manager can redirect some events to istelf. >4. Does the DECwindows clipboard use the standard X-11 Clipboard features ? yes. >5. Where is the clipboard information held ? On the server ? The clipboard is implemented using window properties, which are stored on the server. >6. Is there access control on the data held in the clipboard ? Is there any > detailed documentation on how the clipboard works ? There is no access control anywhere in X, except for the list of nodes and accounts allowed to access the server when a particular user's session is in progress. --PSW | |||||
| 1365.2 | VMS has more security control | STAR::ORGOVAN | Vince Orgovan | Tue Sep 05 1989 18:15 | 12 | 
|     VMS DECwindows has better connection security authorization than
    many X implementations.
    
    In a normal X server, connection requests are accepted from any
    host appearing on a list of trusted host names. There is no way to
    authorize connections from one user on a host while restricting
    connections from other users on that host.
    
    On VMS, this mechanism is extended to contain both host name and
    username. So a subset of users on a host can be authorized while
    other users on that host are prevented from connecting. 
 | |||||
| 1365.3 | Will be fixed in the future.. | FUEL::graham | If people lead, leaders will follow | Thu Sep 07 1989 21:35 | 14 | 
| At X'hibition '89 in San Jose, the issue of security was discussed at length (session moderated by MIT's Jim Fulton and Sun's David Rosenthal). A future version of X will address/fix several problems...such as user and host-based authorization and authentication. Even the U.S. government is very interested in the progress of such work. Portability and interoperability is very important here. I don't think the VMS security code is portable to other X platforms. MIT and others hold portability on very high ground. Kris.. | |||||