[jira] [Commented] (GUACAMOLE-641) Support storage of sensitive data within key vaults

Mon, 21 Jun 2021 14:30:06 -0700 


    [ 
https://issues.apache.org/jira/browse/GUACAMOLE-641?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17366840#comment-17366840
 ] 

Mike Jumper commented on GUACAMOLE-641:
---------------------------------------

Currently seeing two regressions related to the new 
{{DynamicallyAuthenticatedDataSource}} class from these changes:

# MySQL queries involving multiple SQL statements are failing due to JDBC 
driver properties not being propagated to the driver (see [corresponding thread 
on mailing 
list|https://lists.apache.org/thread.html/r446dbc0872227a8344884566dec11901170fbbefd3b280ae830d5955%40%3Cuser.guacamole.apache.org%3E]).
# New database connections are being created for essentially every query, as 
sanity checks within the MyBatis {{PooledDataSource}} test that the URL, 
username, and password for database connections match those of the 
{{DataSource}} before returning connections to the pool. This test is based on 
a hash value calculated in _most_ of the {{PooledDataSource}} constructors ... 
except the one we're calling. Unless that value is initialized, the sanity 
check always fails and connections are never added back to the pool.

> Support storage of sensitive data within key vaults
> ---------------------------------------------------
>
>                 Key: GUACAMOLE-641
>                 URL: https://issues.apache.org/jira/browse/GUACAMOLE-641
>             Project: Guacamole
>          Issue Type: New Feature
>          Components: Documentation, guacamole-client
>            Reporter: Mike Jumper
>            Assignee: Mike Jumper
>            Priority: Minor
>             Fix For: 1.4.0
>
>
> Guacamole currently provides multiple storage mechanisms for connection data, 
> but generally relies on the security of the server(s) hosting those 
> mechanisms to guard sensitive data. The same goes for the contents of 
> {{guacamole.properties}}. With the widespread availability of vault services 
> providing secure storage and retrieval of sensitive data, it would be useful 
> if Guacamole could dynamically retrieve sensitive data from these vaults, 
> including:
> * Sensitive connection data that may otherwise be stored directly in a 
> database.
> * Sensitive configuration information that may otherwise need to be stored 
> directly in {{guacamole.properties}}.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

Reply via email to