guacamole-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Manoj Patil <manoj2pa...@gmail.com>
Subject Re: guacamole not update custom java script
Date Mon, 10 Jun 2019 08:57:35 GMT
dear,

Sure,

 i am not checking this at client side i am checking client address at server side and make
changes at server side.


> On 09-Jun-2019, at 11:13 PM, Mike Jumper <mjumper@apache.org> wrote:
> 
> On Sun, Jun 9, 2019, 00:30 Manoj Patil <manoj2patil@gmail.com <mailto:manoj2patil@gmail.com>>
wrote:
> 
> Dear,
> 
> Because of our employee work from Home and the security reason we kept those login ip
in Mysql server and next time we only allow from that ip next one is we monitor there working
hour also
> 
> Login history is already tracked:
> 
> http://guacamole.apache.org/doc/gug/jdbc-auth.html#jdbc-auth-schema-login-history <http://guacamole.apache.org/doc/gug/jdbc-auth.html#jdbc-auth-schema-login-history>
> 
> 
> hence we make come changes in .JS file
> 
> If login history weren't tracked, JavaScript would not be the place to add such tracking.
Relying on the client side to report its own address or to enforce restrictions would mean
that your solution is vulnerable to tampering.
> 
> Such tracking and enforcement can only safely be done server-side.
> 
> - Mike
> 


Mime
View raw message