Virtual network computing (VNC) enables multiple users at different locations to share a common desktop computer for the purpose of sharing control of software applications. VNC allows two users at different locations to view the same desktop and exercise control over the software applications that were started in the shared desktop. Within the shared desktop, each user is able to observe the mouse and keyboard actions of all other participating users as changes are made to the software application. VNC has proven to be a useful tool during design/debug sessions where each participant brings his or her own expertise to the debug process. For example, one participant may bring to the session hardware simulation expertise, while another participant may contribute software expertise in debugging a software application. VNC is also useful in updating documentation created by multiple authors. Each author, while at his or her own work station, can update the same document, while reviewing the updates of other contributing authors. The ability to share a desktop at remote locations is thus extremely useful and efficient in the development of software applications in terms of saving time, money and travel, as the participating users do not have to be physically present at one location to share the desktop computer.
In general, VNC employs two components: a server and a viewer. The server runs on a host machine which includes a desktop and is started by a user located at the host machine. A viewer uses a remote machine, with a viewer session started by a user at the remote machine. The user that initially starts the server is the server owner. All activity in the desktop is done using the computer ID of the server owner. Viewers that subsequently connect into the session are provided active access. All active viewers have the same control over applications within a given server and are run under the computer ID of the server owner.
A server owner must be alert to the activities of the other viewers participating in the shared desktop. Because all active viewers can start, stop and control software applications as if these inputs originated with the server owner, it is highly desirable to exercise security measures to protect the applications from unauthorized operations of other viewers. While current VNC versions allow multiple users to share a desktop, none protect a server owner from unauthorized users exploiting the desktop's server when their activities are not being observed by the server owner.
The present invention addresses the aforementioned limitations of the prior art by allowing the server owner of a VNC arrangement to dynamically assign each VNC viewer either passive status wherein the viewer may only observe the desktop activities of other viewers or active status wherein the viewer may exercise control over a software application.