Re: Allow NON-Authenticated X11 Connections - How insecure/secure?



On Tue, 20 Apr 2010, Jon Price wrote:
How secure (or insecure) is it to NOT require X11 Authentication but
DO use ssh/X Forwarding?

I have an application which works a lot easier if X11 Authentication
is disabled, though I'm still using ssh w. X11 Forwarding.
But would like to get an idea of the risks.

If you use X11 without authentication, then anyone who can open
an X-connection to your X-server (usually, just a 6000/tcp
connection), can run a keylogger to grab all your keystrokes
(search xquerykeymap for details).

--
Regards,
ASK