I agree with always using HTTPS, but disagree with always 2FA, and password 
expiries have to be considered a bad practice nowadays. But all of this is kind 
of off-topic w.r.t. Guacamole - ultimately all of us have to make our own 
decisions and sometimes trade-offs. 
What I believe we should agree on is that it should be easier to customize the 
user interface, no matter what the reason is. I know it is possible to write an 
extension doing that, but an example extension with good documentation would 
definitely be welcome. Right now there are many extensions out for authentication, 
but I am not aware of any that comes without Java code but extends the user 
interface, even if only adding a link or overriding an image.
Does anyone have source code and is willing to share it?
Thanks & Best Regards,
Joachim

-----Original Message-----
From: Niubbo75 <[email protected]> 
Sent: Sunday, 3 May 2020 16:29
To: [email protected]
Subject: Re: How can Guacamole be customized?

WhiteTiger-2 wrote
> Forgive me, I follow your comments with great interest, but on the 
> GDPR I don't agree very much with you.
> 
> True, Guacamole does not contain personal data, but it is not just a 
> remote access tool like TeamViewer, Anydesk, VNC, and others can be.
> These tools are installed on the PC of users and technicians.
> Guacamole is instead a "tool" where anyone can access the login 
> page if it is public or otherwise accessible from the outside.

Sorry, but I don't agree with you. As a GDPR expert (GDPR is our core business), 
making a secure login page is "security by default"; this means that you MUST 
provide a login page that is secure, which means having an HTTPS login page with 
something like NGINX as a reverse proxy (or Apache), having a valid SSL certificate 
(ones from Let's Encrypt will be OK), and implementing 2FA (for security reasons 
implement ALWAYS 2FA! Something like TOTP, SSO, Radius, ...) plus applying best 
practices (password expiry, complexity, password history, inactive users...).

If you check, the Guacamole login page has no cookie at all, so you will not need 
to have a cookie policy nor a privacy policy published, just because access to 
remote resources is guaranteed ONLY to employers and/or collaborators; there is 
NOT a register page where I can collect personal data.

From the GDPR side, the only thing you need to do to be compliant is to give 
proper information about how you (I mean the company) can access personal 
data of your employees and/or collaborators and what they can and cannot do 
with this tool; if you have this document signed and accepted, you are 
compliant for it.

My 2 cents,
Alessandro.




--
Sent from: 
http://apache-guacamole-general-user-mailing-list.2363388.n4.nabble.com/

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]


