On Tue, Mar 21, 2017 at 12:31 PM, tek0011 <[email protected]> wrote:
> Mike Jumper wrote > > For the sake of anyone happening across this email while searching for > > similar things: beware that this is not a recommended approach. Embedding > > credentials within a URL not good practice. > > While true, I am so happy I found the ability to do that after 100's of > links opened in google. Our internal lab houses a good 10,000 servers and > there is no access to the outside world, so we really hate security. In > this day and age its almost more difficult to get around it or turn it off. > > Regarding the API, I thought that it wasnt external? We were looking for > some way to make RESTful API calls to manage most of this, when we first > took on the project. > > The REST API used by the Guacamole web application is not external, correct. What I refer to here is the core API which drives Guacamole. It's not REST, but client-side JavaScript and server-side Java. The core API (guacamole-common and guacamole-common-js) implements the means of communicating with guacd via tunnels, the means of displaying the remote desktop session within the browser, as well as convenient handling for keyboard/mouse/touch events. The authentication subsystem (and extension subsystem) are specific to the Guacamole web application. If you write your own web application using the same core, you can dictate how connections are established, how authentication works, and if authentication is even present. - Mike
