CUPS and printer security

[Helge Blischke]

"John A. Murdie" wrote:
> 
> Do CUPS and IPP implement a printer security mechanism, or is one planned?
> 
> I know of - and make use of - HP printers' restricted access list of IP addresses, which allow each printer to be configured so that they will only accept print requests and administrative configuration access (by telnet or to their web server) from one of the IP addresses in their list - which, of course, can be limited to one's print server. Thus you can be sure that any print usage accounting the print server performs is complete. (It is also useful, for instance, to prevent any pre-prepared commercial forms and settings on the printer being used by those not authorised for them; and to prevent printers coming under denial of service attacks - the servers and the desktop client systems at your site are secure, but your printers are wide open to attack.)
> 
> The access control lists are, of course, printer manufacturer specific. Does IPP and CUPs implement a more general security mechanism - perhaps one based on cryptographic key exchange?
> 
> John A. Murdie
> Department of Computer Science
> University of York
> UK

I don't remember if IPP itself provides such a mechanism, but CUPS does by the 
DenyFrom and AllowFrom directives in cupsd.conf. With little effort, you may set these
directives for any printer (besides a default access control which is valid for all
destinations that haven't been specifically configured.

Helge

-- 
Helge Blischke
Softwareentwicklung
SRZ Berlin | Firmengruppe besscom
http://www.srz.de