Re: Publishing Web Based Application via ICA protocol

[Justin Clarke <justin () justinclarke com>]

I have seen this type of deployment many times in the financial  
services sector.  The biggest problem in this case is the use of  
Citrix - if misconfigured this can lead to someone being able to  
break out into the operating system of Citrix, and then whereever  
they can get from there (potentially allowing someone onto an  
Intranet or something).

My 2c

On Jul 13, 2005, at 7:05 PM, Saqib Ali wrote:

> Hello WebAppSec gurus,
>
> I have web based application that I would like to further secure by
> tunneling it through SecureICA (Citrix) protocol. So basically I will
> be publishing the web based application in Internet Explorer on a
> Citrix Farm. This will prevent any files to be cached on the user's
> local computer.
>
> I application itself requires authentication. But I would like to keep
> the connections to the Citrix server anonymous. This way, I can delete
> the anonymous user's windows profiles upon logoff, and thus clearing
> any cached files and/or cookies.
>
> I am sure other people other people are doing this as well. So I would
> like to hear about some experiences using this type of stack to secure
> applications. What are some of the issues that I should look out for?
>
> --
> In Peace,
> Saqib Ali
> http://www.xml-dev.com/blog/