[GUACAMOLE-1025] Allow QuickConnect Extension to Block Certain Parameters - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Minor
Resolution: Implemented
Affects Version/s: None
Fix Version/s: 1.4.0
Component/s: Documentation, guacamole-auth-quickconnect
Labels:
None

Description

Based on knowledge (as documented in the manual) about some of the security implications of the QuickConnect module, and a recent conversation on the mailing list, it seems like it would be good to add an option or two to the QuickConnect authentication module that allows the server administrator to control which connection parameters can be used when creating connections and which ones will be vetoed or ignored. I'm thinking that two options could be implemented:

quickconnect-allowed-parameters
quickconnect-denied-parameters

The logic would be as follows:

If quickconnect-allowed-parameters is set, ONLY the parameters specified in that option will be allowed, and ALL others will be discarded.
If quickconnect-denied-parameters is set, the parameters specified in that option will be discarded, and ALL others will be allowed.
If both are set (which shouldn't happen under normal circumstances), the parameters set in quickconnect-allowed-parameters will be allowed, unless they also occur in quickconnect-denied-parameters, in which case they will be discarded along with anything else not set in quickconnect-allowed-parameters.

Attachments

Activity

People

Assignee:: Nick Couchman

Reporter:: Nick Couchman

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 13/Apr/20 18:57

Updated:: 31/Mar/21 18:14

Resolved:: 31/Mar/21 18:14