[pve-devel] [PATCH] spiceproxy : allow only spice port range
Alexandre DERUMIER
aderumier at odiso.com
Tue Jul 23 09:22:23 CEST 2013
>>I just committed a patch for pve-qemu-kvm to return the last ticktet
>>with qmp query-spice.
>>What do you think? Can you try to use that for your patches?
Great ! Thanks !
I'll try that today.
(BTW, the ca=... fix has been commited to spice-gtk git)
----- Mail original -----
De: "Dietmar Maurer" <dietmar at proxmox.com>
À: "Alexandre DERUMIER" <aderumier at odiso.com>
Cc: pve-devel at pve.proxmox.com
Envoyé: Mardi 23 Juillet 2013 09:04:47
Objet: RE: [pve-devel] [PATCH] spiceproxy : allow only spice port range
> > About password, I wonder if we could not retrieve the current ticket
> > from spice server, and copy it to the target vm.
> >
> > Libvirt seem to simply store the current password in the vm config xml
> > :/
> >
> > <graphics type='spice' port='5900' autoport='no' passwd='secret'
> > passwdValidTo='2013-05-31T16:11:22' connected='disconnect'/>
> >
>
> IMHO storing secrets is a bad thing. We want to increase security by using a
> short expiration time.
I just committed a patch for pve-qemu-kvm to return the last ticktet
with qmp query-spice.
What do you think? Can you try to use that for your patches?
More information about the pve-devel
mailing list