[jira] [Commented] (GUACAMOLE-1165) Allocate VNC port sequentially for XDMCP

Sun, 30 Aug 2020 17:23:37 -0700 


    [ 
https://issues.apache.org/jira/browse/GUACAMOLE-1165?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17187355#comment-17187355
 ] 

Nick Couchman commented on GUACAMOLE-1165:
------------------------------------------

To add to Mike's comments, here:
* Security - this is a little outside of Guacamole itself, but how can you 
guarantee that a user won't log on, find the port they are on (easily), and 
then allocate the next 20 ports to a man-in-the-middle proxy that records all 
keystrokes and screen recordings?  Guacamole would be none the wiser and would 
happily just connect users to the ports.  I can do something like this in about 
10 minutes, and I'm no pen tester.
* What if a user disconnects and wants to reconnect?  How does Guacamole keep 
track of that and put them back in the correct place, rather than just 
incrementing to the next port?
* What if a user disconnects and the server re-uses that port number of the 
previous connection?  How does Guacamole know to go back to that port number 
and re-use it rather than just continuing to ever-higher ports?

Seems like there are several ways that Guacamole and the server can get 
out-of-sync with one another.

> Allocate VNC port sequentially for XDMCP
> ----------------------------------------
>
>                 Key: GUACAMOLE-1165
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-1165
>             Project: Guacamole
>          Issue Type: New Feature
>          Components: VNC
>    Affects Versions: 1.2.0
>            Reporter: Braihan Cantera
>            Priority: Trivial
>
> In VNC connections, it would be useful to have a "*XDMCP*" toggle option 
> which makes when enabled to automatically allocate VNC port to each new 
> connection to XDMCP enabled servers so users can have multi sessions over VNC 
> to linux servers.
> Example:
>  * XDMCP: on
>  * User1 connects to server1 via VNC connection, guacamole connects to 
> server1:5900
>  * User2 connects to server1 via VNC connection, guacamole connects to 
> server1:5901
>  * User1 and User2 can now use server1 in parallel leveraging XDMCP
> This would provide real multi session "remote desktop" experience to VNC 
> connections in guacamole.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to