On Thu, Sep 8, 2022 at 9:31 AM Sean Hulbert <[email protected]> wrote: > > Hello > > Here are some security questions I have about Guacamole. > > 1. Does it support FIPS 140-2 > a. If enabled on Ubuntu 20.04 LTS are there any known issues
The current known issues with FIPS are: https://issues.apache.org/jira/browse/GUACAMOLE-1674?jql=project%20%3D%20GUACAMOLE%20AND%20type%20%3D%20Bug%20AND%20text%20~%20fips > 2. We noticed that cookies aren’t used anymore, is there a setting to > time out the session if idle for X time or is that based on Guest OS? You should never rely on cookie expiration alone for session expiration. Guacamole handles session expiration on the server side, with a default session timeout of 1 hour. https://guacamole.apache.org/doc/gug/configuring-guacamole.html#guacamole-properties > 3. The MFA TOTP what is the location of control file or the > pre-compiled code, we like to review it for adding additional functions. I don't understand what you're asking here. What control file and what pre-compiled code? The source to the entire web application, including the TOTP support and all other extensions, is in the "apache/guacamole-client" repository: https://github.com/apache/guacamole-client/ - Mike --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
