Closed pierre42100 closed 1 year ago
This is due to the latter. If you are terminating TLS at a proxy and have turned on basic authentication (as opposed to oauth) you are passing credentials in the clear over the network.
What I probably will do is allow "REMOTE_USER" to be set by a trusted proxy, so that authentication can happen at the proxy instead, so there is no need to deal with credentials.
OK thank you for you quick response.
But I have a question: if the reverse proxy and the gateway are on the same machine, it is not really a security issue to have cleartext connection between the two : an attacker would need to gain privileged access on the machine to capture traffic, so he would be able to access these credentials by other means anyway. In this case, wouldn't it be easier to just print a warning instead of a fatal error?
That's not entirely true. With perfect forward secrecy (pfs) an attacker would need to reconfigure the server to capture the traffic and decrypt it (we are also protecting the user here not just the backend rdp service). Obviously this can be done, but it is another layer. Basically, I don't want people to shoot themselves in the foot by accidentally having an insecure config, because who reads warnings anyway especially in the type of home/sme setup you mentioned?
I intend to add to add ACME support (letsencrypt etc) to make obtaining certificates easier.
@pierre42100 ACME / Letsencrypt is now in.
Great, that's a good compromise, if the gateway can request itself a certificate. Thank you, I will close the issue then.
Hello,
First, I would like to thank you for this great project. It's always good to have FOSS alternatives to Windows-only, closed-source softwares.
I have a question about these lines of code (in
configuration.go
):Is there a technical limitation that prevent using rdpgw behind a reverse proxy with a local authentication, or you did this to enforce end-to-end credentials encryption ?
Thank you