Security tab

Getting there

The options are:

Allow remote IP connections

When cleared, only local X clients can connect to Reflection X Advantage. Client connectors set up a listening socket only on the local loopback interface.

Note: When you connect to a client using Secure Shell as the connection method (the default), the X11 data is forwarded to Reflection X Advantage from a local port. This means that, for Secure Shell clients, you can clear Allow remote IP connections to help ensure access only from clients running on authenticated hosts.

 

Authorized Hosts

This option is visible when Host-based authorization is selected.

To create or edit the Authorized Hosts list, type host names in the text box, separating each name by new lines, spaces, commas or semi-colons.

 

User-based authorization

When selected, clients are allowed to run only if they can be verified using MIT-MAGIC-COOKIE-1 authorization.

Notes:

  • To edit the xauth command that Reflection X Advantage uses to put an MIT cookie in the user's .XAuthority file, go to the client definition pane; under Connection method click Advanced.
  • If both user-based and host-based authorization are enabled, the client connection succeeds if either authorization succeeds; so enabling both reduces your level of security.

 

 

Authorization timeout (secs)

This option is visible only when User-based authorization is selected.

After all clients have stopped, the MIT-MAGIC-COOKIE-1 cookie created for a session remains valid for the specified duration (in seconds). In most cases, there is no reason to change the default. Because Reflection X Advantage creates a new cookie for each new client started from Reflection X Advantage, this setting has no effect on clients you launch from X Manager. Only clients launched from outside X Manager might use an existing cookie.