guacamole-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michael Jumper (JIRA)" <>
Subject [jira] [Commented] (GUACAMOLE-235) HMAC authentication extensions
Date Mon, 06 Mar 2017 18:16:33 GMT


Michael Jumper commented on GUACAMOLE-235:

Sorry, no, there were never any such plans, and I don't personally think this would be a good
idea. That extension relies on embedding raw connection parameters within the URL, which can
potentially contain sensitive information and are not intended to be exposed to the user in
the general case.

There is a third-party extension I helped write which achieves similar,,
and there were tentative plans to merge that via downstream [GUAC-1482|]
... but I would now be worried that such an extension would merely serve as a crutch for integration,
forever avoiding use of the API, much in the same way that NoAuth has grown to be used.

I think the project would benefit greater from some sort of low-level REST API which is independent
of the current extension subsystem - some sort of separation of the main interface from the
rest of the application, similar to what is proposed by GUACAMOLE-59.

> HMAC authentication extensions
> ------------------------------
>                 Key: GUACAMOLE-235
>                 URL:
>             Project: Guacamole
>          Issue Type: Wish
>          Components: guacamole
>            Reporter: Marcin Janczarski
>            Priority: Minor
> Any plans to include it to the project?
> I remember that there was a plan to merge it to the main project.

This message was sent by Atlassian JIRA

View raw message