On Sun, May 3, 2020 at 6:41 AM WhiteTiger <[email protected]> wrote:
> Forgive me, I follow your comments with great interest, but on the GDPR I > don't agree very much with you. > > True, Guacamole does not contain personal data, but it is not just a remote > access tool like TeamViewer, Anydesk, VNC, and others can be. > These tools are installed on the PC of users and technicians. > Guacamole is instead a "tool" where anyone can access to the login page if > it is public or otherwise accessible from the outside. > > Only if that's how you configure it. You don't have to configure it this way. > If it is secure or protected by strong credentials and TFA is another > matter, but in the meantime anyone can access it and therefore there must > be > warnings and regulations to be respected. > > Again, this is up to you: - Guacamole can (and always should) be protected with HTTPS encryption to secure it. - Guacamole supports strong credentials. If you use the JDBC module you can configure password policies to enforce this, as documented in the manual. If you use LDAP, RADIUS, or one of the SSO modules, you can configure the password complexity requirements within those authentication systems. - Guacamole does support 2FA, either via the included TOTP module, or via other authentication systems (RADIUS or SSO). -Nick
