You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@guacamole.apache.org by benchu yao <ya...@gmail.com> on 2019/11/06 15:06:31 UTC
How to make a token available only to access a connection without
accessing the home page
I want to grant administrator privileges to all users. However, I want each
user to only have access to the connections they create, so I store the
connections created by each user in my own database.
Then nest the “/guacamole/#/client/***” interface into my webpage instead
of giving the user direct access to the guacamole page. However, the
browser will save the token of " / guacamole /#/ client / ***", which can
be used directly to access the guacamole home page, and the user will see
connections created by others.
If the user knows the address of the home page, is there any way to prevent
the user from accessing the home page through this token.
Thank you
Re: How to make a token available only to access a connection without
accessing the home page
Posted by Mike Jumper <mj...@apache.org>.
On Wed, Nov 6, 2019, 16:54 benchu yao <ya...@gmail.com> wrote:
> This kind of thinking is really dangerous.
>
What are you referring to?
I will modify the plan so that the secondary user created by admin can
> create a connection and create a user, then the secondary user creates a
> three-level user and authorizes the connection created by the secondary
> user.
>
Why grant the more limited, non-admin user the ability to create users at
all? What is the purpose of this third user?
- Mike
Re: How to make a token available only to access a connection without
accessing the home page
Posted by benchu yao <ya...@gmail.com>.
This kind of thinking is really dangerous.
I will modify the plan so that the secondary user created by admin can
create a connection and create a user, then the secondary user creates a
three-level user and authorizes the connection created by the secondary
user.
Thank you
Mike Jumper <mj...@apache.org> 于2019年11月7日周四 上午1:48写道:
> On Wed, Nov 6, 2019, 07:06 benchu yao <ya...@gmail.com> wrote:
>
>> I want to grant administrator privileges to all users.
>>
>
> You should not do this. Administrator privileges should be granted only to
> users that need absolute, complete access.
>
> However, I want each user to only have access to the connections they
>> create, so I store the connections created by each user in my own database.
>>
>
> If you want users to be able to create connections, but only be able to
> access the connections they have created, you should grant the users the
> "create connections" permission, not administrator privileges.
>
> The administrator permission grants all permissions. Your users are able
> to not just see each others connections, but also create additional users,
> delete existing users, modify/delete the connections of other users, kill
> active connections of other users, etc.
>
> Then nest the “/guacamole/#/client/***” interface into my webpage instead
>> of giving the user direct access to the guacamole page. However, the
>> browser will save the token of " / guacamole /#/ client / ***", which can
>> be used directly to access the guacamole home page, and the user will see
>> connections created by others.
>>
> If the user knows the address of the home page, is there any way to
>> prevent the user from accessing the home page through this token.
>>
>
> You should not rely on hiding the home page to prevent administrative
> users from exercising their permissions. Those users will still have the
> ability to access and alter everything, and you will be leaving yourself
> open to attack by a malicious user. If your users should not be able to
> access absolutely everything, they should not be granted the administrator
> privilege.
>
> - Mike
>
>
Re: How to make a token available only to access a connection without
accessing the home page
Posted by Mike Jumper <mj...@apache.org>.
On Wed, Nov 6, 2019, 07:06 benchu yao <ya...@gmail.com> wrote:
> I want to grant administrator privileges to all users.
>
You should not do this. Administrator privileges should be granted only to
users that need absolute, complete access.
However, I want each user to only have access to the connections they
> create, so I store the connections created by each user in my own database.
>
If you want users to be able to create connections, but only be able to
access the connections they have created, you should grant the users the
"create connections" permission, not administrator privileges.
The administrator permission grants all permissions. Your users are able to
not just see each others connections, but also create additional users,
delete existing users, modify/delete the connections of other users, kill
active connections of other users, etc.
Then nest the “/guacamole/#/client/***” interface into my webpage instead
> of giving the user direct access to the guacamole page. However, the
> browser will save the token of " / guacamole /#/ client / ***", which can
> be used directly to access the guacamole home page, and the user will see
> connections created by others.
>
If the user knows the address of the home page, is there any way to prevent
> the user from accessing the home page through this token.
>
You should not rely on hiding the home page to prevent administrative users
from exercising their permissions. Those users will still have the ability
to access and alter everything, and you will be leaving yourself open to
attack by a malicious user. If your users should not be able to access
absolutely everything, they should not be granted the administrator
privilege.
- Mike