Darren J Moffat wrote: > Cyril Plisko wrote: > >> >> synergy documentation provides a recipe on how to implement it via SSH > > I read that, what I couldn't find was how to force synergy to only > bind to localhost. If it doesn't bind to localhost then I need to > ensure that there are ipfilter rules in place to block it. > In its current rev. 1.3.1, synergy is just plain not secure. No bones about it. Its pretty easy to get running, but by the time you've read 1/2 page of documentation, you know that its insecure. We are not providing any tools or autorunning config for it. Its apparent that this is an insufficient response.
I need guidance on making this palatable to ARC. Does "forcing synergy to only bind to localhost" enforce only SSH connections? If this is a sufficient response to the security concern, then I'm happy to oblige. Stuart Kreitman
