What are the issues about X-Window through a firewall?
X Windows is a very useful system, but unfortunately has some major security flaws. Remote systems that can gain or spoof access to a workstation’s X display can monitor keystrokes that a user enters, download copies of the contents of their windows, etc. While attempts have been made to overcome them (E.g., MIT “Magic Cookie”) it is still entirely too easy for an attacker to interfere with a user’s X display. Most firewalls block all X traffic. Some permit X traffic through application proxies such as the DEC CRL X proxy (FTP crl.dec.com). The firewall toolkit includes a proxy for X, called x-gw, which a user can invoke via the Telnet proxy, to create a virtual X server on the firewall. When requests are made for an X connection on the virtual X server, the user is presented with a pop-up asking them if it is OK to allow the connection. While this is a little unaesthetic, it’s entirely in keeping with the rest of X.
