I have seen this type of deployment many times in the financial
services sector. The biggest problem in this case is the use of
Citrix - if misconfigured this can lead to someone being able to
break out into the operating system of Citrix, and then wherever
they can get from there (potentially allowing someone onto an
Intranet or something).
My 2c
On Jul 13, 2005, at 7:05 PM, Saqib Ali wrote:
> Hello WebAppSec gurus,
>
> I have a web-based application that I would like to further secure by
> tunneling it through SecureICA (Citrix) protocol. So basically I will
> be publishing the web based application in Internet Explorer on a
> Citrix Farm. This will prevent any files from being cached on the user's
> local computer.
>
> The application itself requires authentication. But I would like to keep
> the connections to the Citrix server anonymous. This way, I can delete
> the anonymous user's windows profiles upon logoff, and thus clearing
> any cached files and/or cookies.
>
> I am sure other people are doing this as well. So I would
> like to hear about some experiences using this type of stack to secure
> applications. What are some of the issues that I should look out for?
>
> --
> In Peace,
> Saqib Ali
> http://www.xml-dev.com/blog/
>
>
>
Received on Jul 14 2005