WebApp Sec mailing list archives
Re: Publishing Web Based Application via ICA protocol
From: Justin Clarke <justin () justinclarke com>
Date: Thu, 14 Jul 2005 09:18:44 -0400
I have seen this type of deployment many times in the financial services sector. The biggest problem in this case is the use of Citrix - if misconfigured this can lead to someone being able to break out into the operating system of Citrix, and then whereever they can get from there (potentially allowing someone onto an Intranet or something).
My 2c On Jul 13, 2005, at 7:05 PM, Saqib Ali wrote:
Hello WebAppSec gurus, I have web based application that I would like to further secure by tunneling it through SecureICA (Citrix) protocol. So basically I will be publishing the web based application in Internet Explorer on a Citrix Farm. This will prevent any files to be cached on the user's local computer. I application itself requires authentication. But I would like to keep the connections to the Citrix server anonymous. This way, I can delete the anonymous user's windows profiles upon logoff, and thus clearing any cached files and/or cookies. I am sure other people other people are doing this as well. So I would like to hear about some experiences using this type of stack to secure applications. What are some of the issues that I should look out for? -- In Peace, Saqib Ali http://www.xml-dev.com/blog/
Current thread:
- Publishing Web Based Application via ICA protocol Saqib Ali (Jul 13)
- Re: Publishing Web Based Application via ICA protocol Justin Clarke (Jul 14)
- <Possible follow-ups>
- RE: Publishing Web Based Application via ICA protocol Welsh, Ed (Jul 14)
- Re: Publishing Web Based Application via ICA protocol Saqib Ali (Jul 14)
- Re: Publishing Web Based Application via ICA protocol Chuck (Jul 15)
- Re: Publishing Web Based Application via ICA protocol Justin Clarke (Jul 15)
- Re: Publishing Web Based Application via ICA protocol Saqib Ali (Jul 15)
- Re: Publishing Web Based Application via ICA protocol Saqib Ali (Jul 14)
- RE: Publishing Web Based Application via ICA protocol Evans, Arian (Jul 14)
- Re: Publishing Web Based Application via ICA protocol jose . varghese (Jul 15)
- Re: Publishing Web Based Application via ICA protocol Saqib Ali (Jul 16)
- RE: Publishing Web Based Application via ICA protocol Jose Varghese (Aug 02)
- Re: Publishing Web Based Application via ICA protocol Saqib Ali (Jul 16)
- RE: Publishing Web Based Application via ICA protocol Evans, Arian (Jul 18)