guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mike Jumper <>
Subject Re: Connection errors on no-auth unless logout first.
Date Fri, 24 Mar 2017 17:39:29 GMT
On Tue, Mar 21, 2017 at 12:31 PM, tek0011 <> wrote:

> Mike Jumper wrote
> > For the sake of anyone happening across this email while searching for
> > similar things: beware that this is not a recommended approach. Embedding
> > credentials within a URL not good practice.
> While true, I am so happy I found the ability to do that after 100's of
> links opened in google.  Our internal lab houses a good 10,000 servers and
> there is no access to the outside world, so we really hate security.  In
> this day and age its almost more difficult to get around it or turn it off.
> Regarding the API, I thought that it wasnt external?  We were looking for
> some way to make RESTful API calls to manage most of this, when we first
> took on the project.
The REST API used by the Guacamole web application is not external,
correct. What I refer to here is the core API which drives Guacamole. It's
not REST, but client-side JavaScript and server-side Java. The core API
(guacamole-common and guacamole-common-js) implements the means of
communicating with guacd via tunnels, the means of displaying the remote
desktop session within the browser, as well as convenient handling for
keyboard/mouse/touch events.

The authentication subsystem (and extension subsystem) are specific to the
Guacamole web application. If you write your own web application using the
same core, you can dictate how connections are established, how
authentication works, and if authentication is even present.

- Mike

View raw message