[
https://issues.apache.org/jira/browse/GUACAMOLE-880?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16930988#comment-16930988
]
Robert McGunsterson commented on GUACAMOLE-880:
-----------------------------------------------
This entire post is frustrating and annoying, it's a waste of good developer
time on idiotic things.
As usual, a 'too-smart' security type person has raised a theoretical scenario
and then the world needs to react to their theory.
The entire point of this program is to get data 'out' of a remote location,
visually.
It's already slow enough as it is (seriously there needs to be work on latency
and compression - it's bloody great for free and I appreciate the work, but
it's hardly high performance) we don't need to be adding random noise to
the data feed to satisfy a navel-gazing security guy.
Developers should be focused on bugs, performance, usability, features, this
feature is silly.
OP, sorry, I'm trying to not be harsh but tell the person who raised this flag
to you, to wake up. I'm sure someone with a good enough video camera and
lense, could extract data from your business from across the street through a
window aimed at 2 or 3 monitors.
Sigh
> Obfuscation of guacamole client protocol
> ----------------------------------------
>
> Key: GUACAMOLE-880
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-880
> Project: Guacamole
> Issue Type: Wish
> Components: guacamole-client, guacamole-server
> Reporter: Bolke de Bruin
> Priority: Major
> Labels: security
>
> One of the reasons we deploy guacamole is to limit data leakage
> possibilities. We recently had a audit on our infrastructure and it was shown
> that it was quite easy to leak out data through the guacamole protocol by
> creating special images inside the desktop and then using mitmproxy (python)
> and the guacamole python modules to capture the data inside those images.
> In order to limit the attack surface we would like to have obfuscation of the
> protocol if configured to do so. Of course this could be done by implementing
> a custom protocol, but it would be nice if Guacamole would have the
> facilities (hooks) to do this. One could think of allowing a custom function
> to encrypt/obfuscate the outgoing stream and attach into the javascript that
> decrypts the stream.
--
This message was sent by Atlassian Jira
(v8.3.2#803003)
