Re: Secure VNC connections
You are wrong about the 8 character password limit, I've used passwords longer than that for some time.
In any case if you use windows logon/password, it is more secure than UVNC's default and would not have that limitation. This also gives you the same unsuccessful attempts options as you have with windows. I suggest you set up a user and password which you will use purely for external access, so you don't need to remember the password when you log on normally. You can create a strange user name too, which will help defeat hackers.
If you use an encryption plugin on the server you need to use the UVNC client with the same plugin. You can't use Java since there's no way of attaching the plugin. Make sure you use a key file. No one can get in without a copy of the key file.
Alternatively, if you must use the Java client, run the service through stunnel. There are examples including one for vnc. Unfortunately most of the examples are for linux, but the principles are the same. In that case you would only allow loopback connections in UVNC so that the service will only accept connections from the stunnel program within your own system.
Your entry in stunnel.conf would look something like this:
[uvnc]
accept=8765
connect=5800
You would need to open port 8765 AND the ssl protocol in your firewall.
You then connect using "https://yoursystemname:8765/". You can secure this connection with a certificate.
More details of how to do this here.
Finally, if you (or someone you know) are any good at winsock programming you could write a program to start/stop the VNC service remotely. If you do that in such a way that only an exact string (a long one which no-one could guess) on a particular port will trigger the program, and the program only starts or stops the VNC service, then you are to all intents and purposes totally secure.
Re: Secure VNC connections
Thanks Lynx
I've set up a new 14 character password (I don't know why I thought I was limited to 8)
I decided that I'm going to use Windows Authentication a little later down the road (since I'm about to format after the semester is over)
I set up the encryption and got the key files up and running. This part is really cool, it gives me more confidence about being open on the 'net.
Then for the java client, I decided to entirely disable it since having the remote viewer and encryption plugins will do fine for me.
I'm going to talk to my friend who has been working in VB .Net for a little over a year and a half about the winsock programming. I think that would be an excellent feature to add with remote server startup.
Thanks lynx you helped a lot!