[pve-devel] [PATCH] spiceproxy : allow only spice port range
Dietmar Maurer
dietmar at proxmox.com
Mon Jul 22 13:11:10 CEST 2013
> About password, I wonder if we could not retrieve the current ticket from
> spice server, and copy it to the target vm.
>
> Libvirt seem to simply store the current password in the vm config xml :/
>
> <graphics type='spice' port='5900' autoport='no' passwd='secret'
> passwdValidTo='2013-05-31T16:11:22' connected='disconnect'/>
>
IMHO storing secrets is a bad thing. We want to increase security by using a short expiration time.
More information about the pve-devel
mailing list