VboxHeadless ignores "<RemoteDisplay enabled="false" ..." => Fixed in 1.6.6

[leo]

Ubuntu desktop 8.04.1, VirtualBox 1.6.4 AMD64.

I have a VM which contains:

<RemoteDisplay enabled="false" port="3901" authType="Null" authTimeout="5000"/>

I.e. the VRDP server is configured but not enabled. I start this VM with VBoxHealess and the VRDP is remotely accessible even if I disabled it. I think this is a security problem because with VBoxHeadless I have no way to prohibit remote connection (and currently the external Authentication has problems causing segmentation faults).

IMHO the VBoxHeadless should respect enable/disable as stated in VM conf, and eventually override it only in case the listening port is specified on VBoxHeadless command line (or via explicit option).

[Frank Mehnert]

Thanks for this report. Actually we left the default behavior which is to enable the RDP server. But in 1.6.6 we added an optional parameter

-vrdp on|off|config

which allows the user to explicitly start the RDP support (on), to explicitly disable it (off) or to use the value stored in the permanent .xml settings (config).

[vadimrapp]

I think it would be more logical to have the default as specified in the settings. If I'm not mistaken, all other settings are working that way - I specify machine settings in the GUI, and when I start the machine, headless or not, all settings are as I have specified. Why is this one an exception?

[Frank Mehnert]

For historical reasons / backward compatibility. If someone wants to start VBoxHeadless he usually wants to access it through the RDP protocol. And the screen output clearly states that the RDP server of that VM is now active.