Hello folks. Regardless of whether you use MySQL, Postgres or MSSQL, your guacamole.properties configuration file still contains your database username and password in plain text so that Guacamole can connect to it. Considering the fact that to my understanding, the database itself contains connection details, including possible login info in plain text and the fact that guacamole.properties is world-readable by default, this seems like an extreme security risk. What's the appropriate way to hash or otherwise obscure the database password while still having Guacamole continue to work?
Thanks for your help. Sincerely, Dan Naumov --------------------------------------------------------------------- To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org For additional commands, e-mail: user-h...@guacamole.apache.org
