On 14/04/20 08:03, Joachim Lindenberg wrote:
> Hello Piviul,
> disabling NLA and ignoring certificates is definitely bad advice from a
> security point of view. If certs are wrong, it can usually be seen in guacd
> logs.
...yes Joachim, you are right, it's never good advice to weaken
security ...but if we would like to evaluate the weight of the weakness
introduced, we are talking about ignoring that certificates sent from a
client in a LAN can't be validated from a Certification Authority
because they are self-signed, aren't we? In other words, ignoring certificates doesn't
mean not using them to secure the connection, but weakening the certificate
check... or are there other weaknesses I don't see in ignoring certificates?
And if we would like to evaluate the weakness introduced by not using
NLA, it means that credentials are validated from the client after the
connection instead of authenticating before the connection... but
credentials and all network traffic are encrypted in both cases, I hope...
There is no controversy in my question; I would only like to check if there
are aspects that I have not considered.
Piviul