guacamole-user mailing list archives

From jean louis Abegg <jean.louis.abegg...@gmail.com>
Subject security concerns
Date Thu, 03 Nov 2016 11:04:37 GMT

Hello and many thanks to the guacamole development team, this tool is a
great idea!

I've some questions about the security of the tool.

I've used the script of HERNAN, on CentOS 7. Fast, easy and straightforward!

I've dumped the MariaDB database. What if a hacker could access the DB, could
he grasp any machines declared in the DB?

I've seen that the users (guacadmin and others) have their pw encrypted.
A good point I think.

However, I've also seen that the passwords used for the connections on
the machines (rdp, vnc...) are unencrypted...

I know, to get this information, I've had to dump the
database... hackers probably won't have this attack surface...?

If I plan to use guacamole for "webalising" some apps or RD on the web... am
I nutsy? Has anyone tried to hack guacamole? (of course, leaving only
https access)

And that makes me ask 3 other questions...

1°) How about offering programmable access auth on different machines? Or
users? (by calendar/hours)
2°) How about a personal child certificate each user would have to import
in his browser to establish encrypted communication with guacamole? This
certificate generated directly under guacamole of course ;-)
3°) How about a 2 auth process to access guacamole, with notification mail
sent both to user and admin?

Well whatever, many thanks again for all the guacamole community.
