Design Ideas

[brandon wehde <ww...@gmail.com>]

Hi,

I hope this is the right place to send this, but I have a few ideas for
guacamole that I would like to see in upcoming releases. I'm more than
willing to help with the development where possible.

Here are the changes/features i'd love to see:

1) A button for the delete key on the text input keyboard method or add a
ctl+alt+del macro to the mobile side menu.
2) A template that is assignable to users that only an administrator can
edit.
3) In the guacamole_connection_history table log the remote IP address that
established the connection.
4) Web side variables for username and passwords. Ie: create a connection
that will use the currently logged in users username/pass or the ldap
user/pass. That way one template could work across many users (mainly for
rdp).
5) Encrypt and salt the guacamole_connection_parameter.parameter_value
where parameter_name = password.

Let me know if there is anything I can help with. Otherwise keep up the
great work.

Thanks!

Re: Design Ideas

[Mike Jumper <mi...@guac-dev.org>]

On Fri, Jun 17, 2016 at 10:39 AM, brandon wehde <ww...@gmail.com> wrote:

> Hi,
>
> I hope this is the right place to send this, but I have a few ideas for
> guacamole that I would like to see in upcoming releases. I'm more than
> willing to help with the development where possible.
>

Hi, Brandon. This is indeed the right place.


> Here are the changes/features i'd love to see:
>
> 1) A button for the delete key on the text input keyboard method or add a
> ctl+alt+del macro to the mobile side menu.
>

Sure. If you'd like to add a "Del" key to the text input, I think that
would be a very nice first contribution to the project. Feel free to open
an issue in JIRA [1] to track the development of this, and give it a try.
Please also see our contribution guidelines [2], as they cover the whole
process in detail.

To be clear: there is no "mobile side menu" - that menu is a general
feature of Guacamole and has utility on both desktops and mobile devices.
We've been rather careful to avoid mobile-specific anything in guac's
interface design.

2) A template that is assignable to users that only an administrator can
> edit.
>

What do you mean by this?

3) In the guacamole_connection_history table log the remote IP address that
> established the connection.
>

This, also, is a good idea. As above, just open an issue in JIRA so that
the development is tracked (wouldn't want to duplicate work already
underway, right?) and start digging into the code. We're here if you have
any questions.


> 4) Web side variables for username and passwords. Ie: create a connection
> that will use the currently logged in users username/pass or the ldap
> user/pass. That way one template could work across many users (mainly for
> rdp).
>

This has actually already been implemented. We call these variables
"parameter tokens":

http://guacamole.incubator.apache.org/doc/gug/configuring-guacamole.html#parameter-tokens


> 5) Encrypt and salt the guacamole_connection_parameter.parameter_value
> where parameter_name = password.
>
>
Sure. JIRA issue, start digging, etc. ;)

BUT:

The parameter names used by the supported protocols are completely
arbitrary (dictated only by the "args" instruction [3] during the handshake
phase [4]), so you shouldn't assume that the only sensitive parameter is
named "password", nor that any other parameters are universally safe to
expose for all use cases. The best approach would be to encrypt everything.
Leave nothing to chance.

Thanks,

- Mike

[1] https://issues.apache.org/jira/browse/GUACAMOLE/
[2]
https://raw.githubusercontent.com/apache/incubator-guacamole-client/master/CONTRIBUTING
[3]
http://guacamole.incubator.apache.org/doc/gug/protocol-reference.html#args-instruction
[4]
http://guacamole.incubator.apache.org/doc/gug/guacamole-protocol.html#guacamole-protocol-handshake