In the usage section of the wiki, under "access without ssh" you say this:
Beware: by default, TCP sockets are insecure. At the very least, you should use the "--password-file" option to protect those sessions."
It would be good to have an example here as I'd guess most people would read this, probably agree with it, but then move on without doing anything. If you have an example people will follow it while thinking about it.
The password-file
option is documented is it not?
This is also documented in further detail on the wiki: wiki/Authentication
Feel free to submit a patch to improve things.
It is documented but what I'm saying is that people will read that but then without the way to do it being explicitly in their faces will likely move on and then forget about it.
I've submitted a fix that links to the right section but it would probably be better to give a basic example inline so people who are just copy and pasting get some protection in place.
Thanks for the update, feel free to submit a basic example inline too.
Not heard back, closing.
this ticket has been moved to: https://github.com/Xpra-org/xpra/issues/516