cgi-bin: localhost

Helge Blischke h.blischke at srz.de
Fri Jul 15 05:23:33 PDT 2005


Peter Somogyi wrote:
> 
> Hi Michael,
> 
> I'd like to ressurect an old topic (subject: "cgi-bin: localhost").
> Our customer still needs the change (that the web client should connect to any other cups server, not only localhost).
> We need a detailed explanation what does it mean:
> "you will seriously break normal authentication..."
> 
> There are already some tools existing to do the same or more functionality like the web client - remotely. Why web client cannot be modified?
> 
> What's the difficulty: too much work, too much security risk, or some incompatibility?
My non authoritative answer is: it is a matter of how much you trust your customers or you don't.
Depending on your overall systems/network configuration, you may choose an
authentication system that matches your needs.
> 
> Thank you in advance.
> 
> Note: we cannot use "localhost" because of some host virtualization mechanism.
> 
> Peter
> 
> > oehmes at de.ibm.com wrote:
> > > ...
> > > the Problem we have is , we run multiple Cups Servers on one single
> > > box and have somehow to manage them .would it be acceptable , if we
> > > would provide a patch to fix this ? how sould we fix it , would it be
> > > enough to build in a second Option in cupsd.conf to listen on one
> > > port for print jobs and on another port (which can default point to
> > > localhost ) for management ? or any other ideas ..  ?
> >
> > Listen on different ports for each server (e.g. "Listen
> > localhost:8631") - the web interface will get the current local
> > port number, while the external addresses can continue to use port
> > 631.
> >
> > You *cannot* get by without the localhost interface since all of the
> > client authentication code depends on it to pass local authentication
> > certificates.  If you modify that code to pass it all the time, then
> > you will seriously break normal authentication...
> >

-- 
Helge Blischke
Softwareentwicklung
SRZ Berlin | Firmengruppe besscom
http://www.srz.de




More information about the cups-devel mailing list