guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Suncatcher16 <>
Subject Re: Select User Connection Restricted by Source IP
Date Tue, 15 May 2018 04:29:03 GMT
Mike Jumper wrote
> On Sun, May 13, 2018, 04:49 Suncatcher16 &lt;

> suncatcher16@

> &gt; wrote:
>> Just a matter of taste. Both use-cases require extensions anyway. LAN/WAN
>> differentiation seems more important for me.
>> BTW, how can single user connect from different IPs simultaneously? It's
>> a
>> great breach for attacker, which could mask malicious activity. I cannot
>> imagine such use-case where that might be needed. Do you?
> Off the top of my head:
> * You step away from the computer and need to check something via your
> phone.
> * You lock your screen at work without logging out from guac, head home,
> and need to log in again.
> * You are using an anonymizing service which changes IP occasionally.
> - Mike

Sure, all of the three cases are valid, but regardless of their
justifiability they are perfect case for attacker to mask his activity.
Whether to enable them or not is a matter of choice and a matter of required
defense grade.

Sent from:

View raw message