[
https://issues.apache.org/jira/browse/GUACAMOLE-2064?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17949731#comment-17949731
]
Nick Couchman commented on GUACAMOLE-2064:
------------------------------------------
[~phuleratribhuwan]: Thanks for putting in this feature request, and I agree
that this would be great to have. One minor thing - I don't think the protocol
selection actually needs to invoke the binary, it just needs to make use of the
C-based libraries for the various database options and make use of Guacamole's
terminal facility for presenting a prompt to the user and sending the commands
to the back-end database.
If you're able to contribute to this, feel free to start on it and submit pull
requests!
> Feature Request – Add Guacamole Protocol Module for Secure CLI-Based Access
> to Relational Databases with Full Session Logging
> -----------------------------------------------------------------------------------------------------------------------------
>
> Key: GUACAMOLE-2064
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-2064
> Project: Guacamole
> Issue Type: New Feature
> Components: guacamole
> Affects Versions: 1.5.5
> Reporter: Tribhuwan Phulera
> Priority: Minor
>
> I would like to propose the development of a *custom protocol module* within
> Apache Guacamole to enable interactive access to various relational database
> systems (e.g., MySQL, PostgreSQL, MariaDB) through their respective
> command-line clients (e.g., {{{}mysql{}}}, {{{}psql{}}}, etc.), executed
> inside a secure pseudo-terminal (PTY) and fully integrated into the Guacamole
> web session.
> ----
> h3. {*}Key Objectives{*}:
> # Enable users to launch CLI-based database sessions via Guacamole for
> operational and administrative access.
> # The backend should dynamically spawn the appropriate database client
> (e.g., {{{}mysql{}}}, {{{}psql{}}}) within a PTY session, routed through the
> Guacamole protocol.
> # All user inputs (SQL commands) and terminal outputs (query results,
> messages) must be {*}recorded{*}, with support for file-based or remote
> logging.
> # Support basic protocol parameters such as {{{}hostname{}}}, {{{}port{}}},
> {{{}username{}}}, {{{}password{}}}, and {{{}database{}}}.
> # Implement protocol identification at runtime or during configuration to
> route to the correct CLI binary.
> ----
> h3. {*}Expected Features{*}:
> * {*}Supported Clients (initial){*}:
> ** {{mysql}} (MySQL/MariaDB)
> ** {{psql}} (PostgreSQL)
> ** Others (e.g., {{sqlcmd}} for SQL Server) can be considered for later
> phases.
> * {*}Configuration Parameters{*}:
> ** {{{}protocol{}}}: {{{}mysql{}}}, {{{}postgres{}}}, etc.
> ** {{{}host{}}}, {{{}port{}}}, {{{}username{}}}, {{{}password{}}},
> {{database}} – securely passed, not logged.
> * {*}Session Recording{*}:
> ** Capture full terminal interaction including timestamps.
> h3. {*}Acceptance Criteria{*}:
> * Users can configure and launch CLI database sessions through Guacamole UI
> or via backend DB configuration.
> * The correct binary ({{{}mysql{}}}, {{{}psql{}}}) is invoked based on
> selected protocol.
> * Full interaction (commands and responses) is logged securely.
> * Sessions gracefully handle disconnection, resizing, and cleanup.
> * Implementation adheres to Guacamole coding and packaging standards and is
> deployable via {{{}guacd{}}}.
> ----
> h3. {*}Rationale{*}:
> This enhancement will extend Guacamole's capabilities beyond SSH/Telnet to
> support *auditable, web-based access to database CLIs* in secure enterprise
> environments. It will reduce the need for direct terminal/VPN access while
> improving observability for database operations.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
