HP-UX 11i September 2002 Release Notes
Internet and Networking Services
Low Bandwidth X Extension (LBX)
Chapter 12
233
The xrx helper program has been added to the /usr/bin/X11 directory. End users
must set up their Web browsers to use this program for files with the rx extension.
2. libxrx.6.3 (the Netscape plug-in)
The Netscape plug-in, libxrx.6.3, has been added to the /usr/lib/X11R6
directory. End users must copy this to their $(HOME)/.netscape/plugins directory
(or the equivalent) so that files with the rx extension are interpreted correctly. In
order to use the plug-in, do not set up Netscape to also use the helper program.
Security Extension
The security extension adds the X protocol needed to provide enhanced X server security.
This extension adds the concepts of trusted and untrusted clients. The trust status of a
client is determined by the authorization used at connection setup. All clients using
host-based authorization are considered trusted. Clients using other authorization
protocols may be either trusted or untrusted depending on the data included in the
connection authorization phase.
When a connection identifying an untrusted client is accepted, the client is restricted
from performing certain operations that would steal or modify data that is held by the
server for trusted clients. An untrusted client performing a disallowed operation will
receive protocol errors.
When a client is untrusted, the server will also limit the extensions that are available to
the client. Each X protocol extension is responsible for defining what operations are
permitted to untrusted clients; by default, the entire extension is hidden.
Application Group Extension (XC-APPGROUP)
The application group extension provides new protocol to implement Application Groups
(AppGroups). The AppGroup facility allows other clients to share the
SubstructureRedirect mechanism with the window manager. This allows another
client (called the application group leader) such as a Web browser to intercept a
MapRequest made by a third application and re-parent its window into the Web browser
before the window manager takes control. The AppGroup leader may also limit the
screens and visuals available to the applications in the group.
This extension, along with the Netscape remote execution plug-in, allows Netscape to
run programs remotely over the Web with the output appearing in the Web browser
display.
The only way for an application to become a member of an AppGroup is by using an
authorization generated using the new security extension. Whenever an application
connects to the server, the authorization that it used to connect is tested to see if it
belongs to an AppGroup. This means that the authorization data must be transmitted to
the remote host where the application will be run. In the case of X, HTTP is used to send
the authorization. Sites that have concerns about sending un-encrypted authorization
data such as MIT-MAGIC-COOKIE-1 via HTTP should configure their Web servers and
Web browsers to use SHTTP or SSL.
SLS/d - Distributed SLS (HP Visualize Center Support)
SLS/d is an extension of the SLS (Single Logical Screen) functionality provided by the X
server that allows the X desktop to span graphics displays that reside on distributed
systems. By distributing the display across several systems, a larger logical array of