WhiteTiger-2 wrote
> Forgive me, I follow your comments with great interest, but on the GDPR I
> don't agree very much with you.
>
> True, Guacamole does not contain personal data, but it is not just a remote
> access tool like TeamViewer, Anydesk, VNC, and others can be.
> These tools are installed on the PC of users and technicians.
> Guacamole is instead a "tool" where anyone can access the login page if
> it is public or otherwise accessible from the outside.

Sorry, but I don't agree with you. As a GDPR expert (GDPR is our core business), making a secure login page is "security by default"; this means that you MUST provide a login page that is secure, which means having an HTTPS login page with something like NGINX as a reverse proxy (or Apache), having a valid SSL certificate (ones from Let's Encrypt will be OK), and implementing 2FA (for security reasons, ALWAYS implement 2FA! Something like TOTP, SSO, Radius, ...) plus applying best practices (password expiry, complexity, password history, inactive users...).

If you check, the Guacamole login page has no cookies at all, so you will not need to have a cookie policy nor a privacy policy published, just because access to remote resources is guaranteed ONLY to employers and/or collaborators; there is NOT a register page where I can collect personal data.

From the GDPR side, the only thing you need to do to be compliant is to give proper information about how you (I mean the company) can access personal data of your employees and/or collaborators and what they can and cannot do with this tool; if you have this document signed and accepted, you are compliant for it.

My 2 cents,
Alessandro.
