Visability Security Issue with Samba Printers
Jeff Sadowski
jeff_sadowski at yahoo.com
Wed Dec 22 14:13:00 PST 2004
Thank you Kurt I will try these things.
I will upgrade and try it out I should have been
a little better on my submitting to the newsgroup
I'm sorry for any Inconvience.
I should have looked for an upgrade first.
I'll follow the standard slackware build script to build the latest release.
pipitas wrote:
> That's a valid grievance of you. Please use a recent version of CUPS to get
> rid of it. See
>
> http://www.cups.org/str.php?L933
> http://www.cups.org/str.php?L920
>
> Recent versions put user credentials only in the DEVICE_URI environment
> variable (which isnt visible in "ps" or "lpstat -v" outputs). Any user
> accessible device URI is "sanitized" from the credential content before
> presenting it to the user.
>
Will do Thanks
> I am looking forward to your contributed documentation.
I'll read the documentation and see if I think there is anything I can contribute
>
> > and could have been made alot easier.
>
> I am looking forward to your source code patches or new implementations.
>
I could write a php script or so I'll see what I can do
If it hasn't been done already.
> * open your favourite browser,
> * type "http://localhost:631/sam.html" into location bar,
> * search on page for "Windows".
>
maybe a link should be added if not already done so like
<a href=http://localhost:631/sam.html>Documentation</a> to
http://localhost:631's main page I'd be glad to take a look
at the pages and make the process as easy as I can for others
> Maybe I should rather expect more complaints.
No I wouldn't even call this a complaint I was just trying to see
If it was updated. Or if this issue was brought up before
Im guessing it was but the searches I did where not sufficent.
This forum was where I found the format for the printer url.
> Try escape the characters in question, or try to put it into quotes.
yea I'll have to experiment a little see if I can make the interface
To type these in in a webbrowser to put in the escape sequences for the next guy I'm getting decent in html and php
>
> Above all, be aware that printing *from* CUPS *to* Windows is not the
> main purpose and feature CUPS was designed for. It is rather the other
> way round: make Windows the print clients printing to a CUPS print
> server.
>
> Note that the usage of the "username:password at servername" lingo inside
> the device URI is recommended nowhere. It is only provided by the CUPS
> developers as a possibility so we can *at all* print if we *urgently*
> need to use that print path.
>
This is probably why I had a hard time finding documentation on it
> In the past I for myself preferred to set up the Windows printer with
> no authentication at all and allow anonymous/guest access to it, so I
> can forego the "username:password" part of the device URI, instead of
> exposing them.
>
Im not the one in charge of my network but I can see reasons why this wouldn't be the best idea.
I think some logging issues might exist.
> Cheers,
> Kurt
>
Thank You Kurt
Maybe I can help I'll go see if there is anything I can do
Jeff Sadowski
More information about the cups
mailing list