Hi,
In response to what Mike said regarding setting headers in WebSocket
connections, why not use cookies? If you set a cookie after login, it will
be sent with the WebSocket connection request.
Thanks,
Gabriel
On Wed, May 20, 2020, 7:21 AM sciUser wrote:
> If you like to see it , you can go
If you like to see it , you can go to https://academy.securitycentric.net
create an account and I will add a demo for you and you can see how we forge
the connections. We force the token to expire on exit and a new token to be
issued for a new session.
-
A Cybersecurity Enablement Company
On Tue, May 19, 2020, 13:46 Joachim Lindenberg
wrote:
> Is logging really a concern if you use https and avoid any proxy that
> terminates (MitM)? Of course you can argue about the nginx or similar you
> put in front of Guacamole, but if both components are administrated by the
> same folks you
: Mike Jumper
Gesendet: Dienstag, 19. Mai 2020 21:06
An: user@guacamole.apache.org
Betreff: Re: Session Token in URL
On Tue, May 19, 2020, 11:52 sciUser mailto:shulb...@securitycentric.net> > wrote:
What you want is what we do, we built a provisioning system that handles Just
In tim
On Tue, May 19, 2020, 11:52 sciUser wrote:
> What you want is what we do, we built a provisioning system that handles
> Just
> In time (JIT) tokens and they expire after session is terminated,
> preventing
> students from book marking the url.
>
The token is not part of any URL exposed to the
What you want is what we do, we built a provisioning system that handles Just
In time (JIT) tokens and they expire after session is terminated, preventing
students from book marking the url. This is using the POST action with
Tomcat. Search for my posts in this forum and you will find your
Hi,
It has been observed that Sensitive information within URLs is getting logged
in various locations, including the user's browser, the web server, and any
forward or reverse proxy servers between the two endpoints. URLs may also be
displayed on-screen, bookmarked or emailed around by users.