Changeset 36007 in vbox

Timestamp:

Feb 17, 2011 9:33:56 AM (14 years ago)

Author:

vboxsync

Message:

doc/manual: stronger warnings about insecure authentication / http transfer

File:

• trunk/doc/manual/en_US/user_Security.xml (modified) (2 diffs)

trunk/doc/manual/en_US/user_Security.xml

@@ -28 +28 @@
           host remotely, connections to the web service (through which the API
           calls are transferred via SOAP XML) are not encrypted, but use plain
-          HTTP. For details about the web service, please see <xref
-          linkend="VirtualBoxAPI" />.</para>
+          HTTP. This is a potential security risk! For details about the web
+          service, please see <xref linkend="VirtualBoxAPI" />.</para>
         </listitem>
       </itemizedlist></para>
@@ -42 +42 @@
           <para>When using the VirtualBox extension pack provided by Oracle
           for VRDP remote desktop support, you can optionally use various
-          methods to configure RDP authentication. See <xref
-          linkend="vbox-auth" /> for details.</para>
+          methods to configure RDP authentication. The "null" method is
+          very insecure and should be avoided in a public network.
+          See <xref linkend="vbox-auth" /> for details.</para>
         </listitem>