You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@guacamole.apache.org by "Nick Couchman (Jira)" <ji...@apache.org> on 2020/12/24 12:08:00 UTC
[jira] [Commented] (GUACAMOLE-1244) Provide secure way to add MySQL
password in guacamole configuration file
[ https://issues.apache.org/jira/browse/GUACAMOLE-1244?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17254520#comment-17254520 ]
Nick Couchman commented on GUACAMOLE-1244:
------------------------------------------
Do you have suggestions on how to do this? By definition, because this is a configuration file, the password must be reversible; therefore, pretty much any method which "secures" the password is really just obscuring it, making it ever so slightly more difficult for someone to locate the value and decrypt it.
This has been requested multiple times in the past, and we've concluded that the value for obscuring the database configuration password in the guacamole.properties file is very low. You should make sure that the permissions are set appropriately on the guacamole.properties file and its containing directory (/etc/guacamole, usually), as this will provide a reasonable level of security. In my case I run both guacd and Tomcat under a dedicated user account, and only this account has access to that directory (directory mode 0700, file mode 0600).
> Provide secure way to add MySQL password in guacamole configuration file
> ------------------------------------------------------------------------
>
> Key: GUACAMOLE-1244
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-1244
> Project: Guacamole
> Issue Type: Improvement
> Affects Versions: 1.2.0
> Reporter: leo las
> Priority: Minor
>
> Provide secure way to add MySQL password in guacamole configuration file
--
This message was sent by Atlassian Jira
(v8.3.4#803005)