It's important to secure your graphical display to prevent attackers from grabbing your passwords as you type them, reading documents or other information displayed on your screen, or even using a hole to gain root access. Running remote X applications over a network can also be fraught with peril, allowing sniffers to see all your interaction with the remote system.
X has a number of access-control mechanisms. The simplest of them is host-based: you use xhost to specify what hosts are allowed access to your display. This is not very secure at all, because if someone has access to your machine, they can xhost + their machine and get in easily. Also, if you have to allow access from an untrusted machine, anyone there can compromise your display.
When using xdm (X Display Manager) to log in, you get a much better access method: MIT-MAGIC-COOKIE-1. A 128-bit "cookie" is generated and stored in your .Xauthority file. If you need to allow a remote machine access to your display, you can use the xauth command and the information in your .Xauthority file to provide access to only that connection.
See the Remote-X-Apps mini-howto, available at http://metalab.unc.edu/LDP/HOWTO/mini/Remote-X-Apps.html.
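As an added example (not part of the original HOWTO), the Python below parses the binary .Xauthority format and reports two problems: a file mode that lets other users read the cookie, and a MIT-MAGIC-COOKIE-1 entry whose cookie is not 128 bits. The host name myhost and the sample entries are constructed, and audit and build_entry are hypothetical helper names.

```python
import os
import struct

# Address family codes from X.h / Xauth.h; unknown codes are shown as numbers.
FAMILIES = {0: "Internet", 6: "Internet6", 256: "Local", 65535: "Wild"}

def parse_xauthority(blob):
    """Entry layout: 2-byte big-endian family, then 4 length-prefixed fields."""
    entries, pos = [], 0
    while pos < len(blob):
        (family,) = struct.unpack_from(">H", blob, pos)
        pos += 2
        fields = []
        for _ in range(4):
            (length,) = struct.unpack_from(">H", blob, pos)
            pos += 2
            if pos + length > len(blob):
                raise ValueError("truncated Xauthority entry")
            fields.append(blob[pos:pos + length])
            pos += length
        entries.append({"family": FAMILIES.get(family, str(family)),
                        "address": fields[0], "display": fields[1].decode(),
                        "name": fields[2].decode(), "data": fields[3]})
    return entries

def audit(path):
    """Return findings for one authority file: loose mode, wrong cookie size."""
    findings = []
    mode = os.stat(path).st_mode & 0o777
    if mode & 0o077:
        findings.append(f"mode {mode:o}: other users can read the cookie")
    with open(path, "rb") as fh:
        for e in parse_xauthority(fh.read()):
            if e["name"] == "MIT-MAGIC-COOKIE-1" and len(e["data"]) != 16:
                findings.append(f"display :{e['display']}: cookie is "
                                f"{len(e['data']) * 8} bits, expected 128")
    return findings

def build_entry(family, address, display, name, data):
    """Serialize one entry; used only to construct the sample input below."""
    out = struct.pack(">H", family)
    for field in (address, display.encode(), name.encode(), data):
        out += struct.pack(">H", len(field)) + field
    return out

# Constructed sample: display :0 has a 128-bit cookie, display :1 a short one.
SAMPLE = (build_entry(256, b"myhost", "0", "MIT-MAGIC-COOKIE-1", bytes(range(16)))
          + build_entry(256, b"myhost", "1", "MIT-MAGIC-COOKIE-1", b"\x00" * 8))
```

Calling audit on the path of your own .Xauthority file returns an empty list when the file is private to you and every cookie has the expected size.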
You can also use ssh (see above) to allow secure X connections. This has the advantage of also being transparent to the end user, and means that no unencrypted data flows across the network.
Take a look at the Xsecurity man page for more information on X security. The safe bet is to use xdm to log in to your console and then use ssh to go to remote sites on which you wish to run X programs.