[vox-tech] xhost+: Why you should NEVER DO THAT
Dmitriy
ace22b at myrealbox.com
Mon Mar 21 11:33:39 PST 2005
On Friday 18 March 2005 02:18, Karsten M. Self wrote:
> Mark Kim apparently insists on dispersing bad advice regarding use of
> xhost + to allow remote X11 access.
>
I agree that it's bad advice.
When a user needs that advice, he likely doesn't know the intricacies of X enough to
know which situations are acceptable to use "xhost +" in, and which ones
are not.
The user will probably end up thinking "x access problems? == xhost +!".
And this applies to other technical answers too. While it might be easier to
say "oh just do it in the insecure way, you are safe in your circumstances",
user will likely remember solution, and possibly offer it as advice to
someone else without full understanding of security implications.
Or perhaps someone else searching archives and thinking his problem might be
similar. He tries "xhost +", and voila, it worked. Except he was sitting in a
university lab with open xports. Boo.
Again, both of these scenarios are very undesirable. So please avoid advice
that can very easily be harmful to people. Remember that there are archives
that show up on google, and different people are likely to have slightly
different circumstances, and not everyone is fully aware of security
implications. (And even if next email explains alternatives and implications,
user who has a problem is not going to bother reading it all, 95% of the
time. Trust me)
--
Dmitriy - LUGOD VP