RDP-backend needs access control
I haven't seen any access control on who is allowed to connect to the RDP server. If you can access the listening port, then you gain immediate access to the desktop, no questions asked. This makes running the RDP server even on just localhost a problem, because any local user could connect to it and take over the desktop. Obviously exposing that port to the internet would be just insane.
I would like to see at least password based authentication (preferably integrated with PAM such that the user's login password could be used by default without adding it into any weston.ini
or such).
A good addition would be public key based authentication with the same idea as SSH does it.
Does the RDP protocol itself already support these and all that is left is to hook it up in RDP-backend?