Securing Old X-Win32 Clients
Prior to version 8, access control is not turned on in X-Win32. Any application wishing to connect to the X server can do so without interacting with the user. This represents a significant security concern. To prevent any users from connecting to your X server, you should enable access controls in X-Win32. To do this:
- Right-click on the blue X icon near the clock.
- Select XConfig from the menu by clicking on it
- Click on the Security tab
- Make sure that both “Access Control” and “Use XAuth” are checked
- Click “Apply,” then “OK”
After doing this, any future connection to the X server will present you with a dialogue box similar to the following:
As a general rule, you should only accept connections that you have initiated and expect.