guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mike Jumper <mjum...@apache.org>
Subject Re: How to change "Guacamole RDP" On redirected drive?
Date Sun, 21 Oct 2018 02:38:36 GMT
On Sat, Oct 20, 2018, 19:20 messido <mohammad.zbaker@gmail.com> wrote:

> Speaking off passing parameters, is there a safer way to pass parameters
> from
> JS to Java than sending them as HTTP request parameters?


It is incorrect to think of GET vs. POST as unsafe.

It is true that you should generally not include sensitive information in
the URL visible in the browser. This has no bearing on visibility of data
sent strictly via JavaScript, and no bearing on whether that data will be
readable if intercepted by a third party (it will be regardless of HTTP
method unless you use proper encryption).

As far as security goes, be sure to use SSL/TLS, and be sure that you do
not allow users to arbitrarily dictate connection parameters.

- Mike

Mime
View raw message