You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@guacamole.apache.org by "Nick Couchman (Jira)" <ji...@apache.org> on 2020/04/13 18:58:00 UTC

[jira] [Created] (GUACAMOLE-1025) Allow QuickConnect Extension to Block Certain Parameters

Nick Couchman created GUACAMOLE-1025:
----------------------------------------

             Summary: Allow QuickConnect Extension to Block Certain Parameters
                 Key: GUACAMOLE-1025
                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-1025
             Project: Guacamole
          Issue Type: Improvement
          Components: guacamole-auth-quickconnect
            Reporter: Nick Couchman


Based on knowledge (as documented in the manual) about some of the security implications of the QuickConnect module, and a recent conversation on the mailing list, it seems like it would be good to add an option or two to the QuickConnect authentication module that allows the server administrator to control which connection parameters can be used when creating connections and which ones will be vetoed or ignored.  I'm thinking that two options could be implemented:

quickconnect-allowed-parameters
quickconnect-denied-parameters

The logic would be as follows:
* If quickconnect-allowed-parameters is set, ONLY the parameters specified in that option will be allowed, and ALL others will be discarded.
* If quickconnect-denied-parameters is set, the parameters specified in that option will be discarded, and ALL others will be allowed.
* If both are set (which shouldn't happen under normal circumstances), the parameters set in quickconnect-allowed-parameters will be allowed, unless they also occur in quickconnect-denied-parameters, in which case they will be discarded along with anything else not set in quickconnect-allowed-parameters.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)