Nick Couchman created GUACAMOLE-1025:
----------------------------------------
Summary: Allow QuickConnect Extension to Block Certain Parameters
Key: GUACAMOLE-1025
URL: https://issues.apache.org/jira/browse/GUACAMOLE-1025
Project: Guacamole
Issue Type: Improvement
Components: guacamole-auth-quickconnect
Reporter: Nick Couchman
Based on knowledge (as documented in the manual) about some of the security
implications of the QuickConnect module, and a recent conversation on the
mailing list, it seems like it would be good to add an option or two to the
QuickConnect authentication module that allows the server administrator to
control which connection parameters can be used when creating connections and
which ones will be vetoed or ignored. I'm thinking that two options could be
implemented:
quickconnect-allowed-parameters
quickconnect-denied-parameters
The logic would be as follows:
* If quickconnect-allowed-parameters is set, ONLY the parameters specified in
that option will be allowed, and ALL others will be discarded.
* If quickconnect-denied-parameters is set, the parameters specified in that
option will be discarded, and ALL others will be allowed.
* If both are set (which shouldn't happen under normal circumstances), the
parameters set in quickconnect-allowed-parameters will be allowed, unless they
also occur in quickconnect-denied-parameters, in which case they will be
discarded along with anything else not set in quickconnect-allowed-parameters.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
