[pve-devel] [PATCH] spiceproxy : allow only spice port range

Dietmar Maurer dietmar at proxmox.com
Tue Jul 23 09:04:47 CEST 2013


> > About password, I wonder if we could not retrieve the current ticket
> > from spice server, and copy it to the target vm.
> >
> > Libvirt seem to simply store the current password in the vm config xml
> > :/
> >
> > <graphics type='spice' port='5900' autoport='no' passwd='secret'
> > passwdValidTo='2013-05-31T16:11:22' connected='disconnect'/>
> >
> 
> IMHO storing secrets is a bad thing. We want to increase security by using a
> short expiration time.

I just committed a patch for pve-qemu-kvm to return the last ticktet
with qmp query-spice.

What do you think? Can you try to use that for your patches?



More information about the pve-devel mailing list