You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@guacamole.apache.org by "Nick Couchman (Jira)" <ji...@apache.org> on 2020/04/13 18:58:00 UTC
[jira] [Created] (GUACAMOLE-1025) Allow QuickConnect Extension to
Block Certain Parameters
Nick Couchman created GUACAMOLE-1025:
----------------------------------------
Summary: Allow QuickConnect Extension to Block Certain Parameters
Key: GUACAMOLE-1025
URL: https://issues.apache.org/jira/browse/GUACAMOLE-1025
Project: Guacamole
Issue Type: Improvement
Components: guacamole-auth-quickconnect
Reporter: Nick Couchman
Based on knowledge (as documented in the manual) about some of the security implications of the QuickConnect module, and a recent conversation on the mailing list, it seems like it would be good to add an option or two to the QuickConnect authentication module that allows the server administrator to control which connection parameters can be used when creating connections and which ones will be vetoed or ignored. I'm thinking that two options could be implemented:
quickconnect-allowed-parameters
quickconnect-denied-parameters
The logic would be as follows:
* If quickconnect-allowed-parameters is set, ONLY the parameters specified in that option will be allowed, and ALL others will be discarded.
* If quickconnect-denied-parameters is set, the parameters specified in that option will be discarded, and ALL others will be allowed.
* If both are set (which shouldn't happen under normal circumstances), the parameters set in quickconnect-allowed-parameters will be allowed, unless they also occur in quickconnect-denied-parameters, in which case they will be discarded along with anything else not set in quickconnect-allowed-parameters.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)