Hi Jean Louis,

If you are using database authentication, Guacamole user accounts' passwords are stored encrypted with the SHA256 algorithm and with a different salt every time, which makes it very secure (no rainbow table attacks, for instance). Remote connection data, however, including usernames and passwords, is stored unencrypted in the database.
If the attacker managed to get access to your database, he could read that data, BUT you should not worry about it if you read the answer to your second question below.

Regarding your questions, I'll give you my advice. You should know that I started using Guacamole a couple of months ago and I am by no means an expert.

> 1°) how about offering programmable access auth on different machines? or users? (by calendar/hours)

This functionality I am looking for myself. You will notice my question from a couple of days ago on this message board regarding developing an extension to implement similar functionality.

> 2°) how about a personal child certificate each user would have to import in his browser to establish encrypted communication with guacamole? This certificate generated directly under guacamole of course ;-)

You seem to be asking to generate a certificate to access the Guacamole interface from said Guacamole interface. That does not make too much sense, really, because you would need to access it somehow in the first place, and if you are able to do that, you are compromising the whole system. Or perhaps I did not understand your intention. If you are looking for a solution where an administrator would give away certificates to clients, why not use a VPN solution where your server would have a private network with the clients and access would be allowed only with SSH certificates? That would also solve your security concern from above, because the IP addresses of the clients would be inside the private network, inaccessible from the outside world. That way, even if the attacker gets hold of an RDP username/password, he has no means to access the client by that IP.

> 3°) how about a 2 auth process to access guacamole, with notification mail sent both to user and admin?

I have recently developed an extension for custom user authentication. Did you consider developing an extension for that purpose? You could develop something similar to match your needs, perhaps. Hope that helps.
Regards,
Nikola

On 3 November 2016 at 12:04, jean louis Abegg <[email protected]> wrote:

> Hello and many thanks to the guacamole development team, this tool is a great idea!
>
> I've some questions about the security of the tool.
>
> I've used the script of HERNAN, on CentOS 7. Fast, easy and straightforward!
>
> I've dumped the MariaDB database. What if a hacker could access the DB, he could grasp any machines declared in the DB?
>
> I've seen that the users (guacadmin and others) have their passwords encrypted. A good point, I think.
>
> However, I've seen also that the passwords used for the connections on the machines (RDP, VNC...) are unencrypted...
>
> I know, for having this information, I've had to dump the database... hackers probably won't have this attack surface...?
>
> If I plan to use guacamole for "webalising" some apps or RD on the web... am I nuts? Has anyone tried to hack guacamole? (of course, leaving only HTTPS access)
>
> And that makes me ask 3 other questions...
>
> 1°) how about offering programmable access auth on different machines? or users? (by calendar/hours)
> 2°) how about a personal child certificate each user would have to import in his browser to establish encrypted communication with guacamole? This certificate generated directly under guacamole of course ;-)
> 3°) how about a 2 auth process to access guacamole, with notification mail sent both to user and admin?
>
> Well, whatever, many thanks again for all the guacamole community.
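
The two storage facts the thread turns on (Guacamole logins kept as salted SHA-256 hashes, remote connection credentials kept as plain text) can be seen directly in a database dump. The script below is an added example, not Guacamole's own code and not from either poster: it mirrors the relevant tables of the 0.9.x JDBC auth schema (guacamole_user with username/password_hash/password_salt, guacamole_connection and guacamole_connection_parameter; newer releases move the username into a guacamole_entity table) in an in-memory SQLite database, fills it with constructed sample accounts and one constructed RDP connection, and shows what a SELECT over each table yields. The hash convention it implements, SHA-256 over the password followed by the uppercase hex of the salt, is what the Guacamole manual's documented SQL for creating users (UNHEX(SHA2(CONCAT(password, HEX(salt)), 256))) produces; all names, hosts and passwords are made up for the demonstration.

```python
"""Added example (not Guacamole's code): what a dump of a Guacamole
JDBC-auth database exposes, modelled in an in-memory SQLite database.

Assumptions:
  * table/column names follow the 0.9.x MySQL schema (guacamole_user with
    username/password_hash/password_salt, guacamole_connection,
    guacamole_connection_parameter);
  * the stored hash is SHA-256(password || uppercase hex(salt)), i.e. what
    the manual's UNHEX(SHA2(CONCAT(password, HEX(salt)), 256)) produces;
  * every user, password and host below is constructed sample data.
"""
import hashlib
import hmac
import os
import sqlite3
from typing import List, Optional, Tuple

SCHEMA = """
CREATE TABLE guacamole_user (
    user_id       INTEGER PRIMARY KEY,
    username      TEXT NOT NULL UNIQUE,
    password_hash BLOB NOT NULL,
    password_salt BLOB
);
CREATE TABLE guacamole_connection (
    connection_id   INTEGER PRIMARY KEY,
    connection_name TEXT NOT NULL,
    protocol        TEXT NOT NULL
);
CREATE TABLE guacamole_connection_parameter (
    connection_id   INTEGER NOT NULL,
    parameter_name  TEXT NOT NULL,
    parameter_value TEXT NOT NULL,
    PRIMARY KEY (connection_id, parameter_name)
);
"""


def guac_password_hash(password: str, salt: bytes) -> bytes:
    """SHA-256(password || HEX(salt)). MySQL's HEX() is uppercase, hence .upper()."""
    material = password.encode("utf-8") + salt.hex().upper().encode("ascii")
    return hashlib.sha256(material).digest()


def new_user_record(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Fresh random 32-byte salt per account unless one is supplied (for tests)."""
    salt = os.urandom(32) if salt is None else salt
    return salt, guac_password_hash(password, salt)


def verify_password(candidate: str, salt: bytes, stored_hash: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(guac_password_hash(candidate, salt), stored_hash)


def build_sample_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    # Two Guacamole accounts sharing a password: the per-user salt still gives
    # them unrelated hashes, which is what defeats precomputed (rainbow) tables.
    for name in ("alice", "bob"):
        salt, digest = new_user_record("correct horse battery staple")
        db.execute(
            "INSERT INTO guacamole_user (username, password_hash, password_salt) "
            "VALUES (?, ?, ?)",
            (name, digest, salt),
        )
    # One RDP connection (constructed). Its parameters, including the remote
    # password, are stored verbatim, which is what the thread observed.
    db.execute("INSERT INTO guacamole_connection VALUES (1, 'file-server', 'rdp')")
    db.executemany(
        "INSERT INTO guacamole_connection_parameter VALUES (1, ?, ?)",
        [("hostname", "10.0.0.5"), ("username", "svc_rdp"), ("password", "Winter2016!")],
    )
    db.commit()
    return db


def user_hashes(db: sqlite3.Connection) -> List[Tuple[str, str, str]]:
    """(username, hex hash, hex salt): all a dump gives for Guacamole logins."""
    return db.execute(
        "SELECT username, hex(password_hash), hex(password_salt) "
        "FROM guacamole_user ORDER BY username"
    ).fetchall()


def connection_secrets(db: sqlite3.Connection) -> List[Tuple[str, str, str, str]]:
    """Every connection parameter, readable as-is from the same dump."""
    return db.execute(
        "SELECT c.connection_name, c.protocol, p.parameter_name, p.parameter_value "
        "FROM guacamole_connection c "
        "JOIN guacamole_connection_parameter p ON p.connection_id = c.connection_id "
        "ORDER BY p.parameter_name"
    ).fetchall()


if __name__ == "__main__":
    sample = build_sample_db()
    for row in user_hashes(sample):
        print("guacamole_user:", row)
    for row in connection_secrets(sample):
        print("guacamole_connection_parameter:", row)
```

Running it prints two different 64-hex-character hashes for alice and bob despite the identical password, and the RDP hostname, username and password in clear. That is the asymmetry the reply describes: the hash protects the Guacamole login, while anything in guacamole_connection_parameter is only as safe as access to the database itself, which is why network placement of the target hosts (the VPN suggestion) matters.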
