cgi-bin: localhost

[Peter Somogyi]

Hi Michael,

I'd like to ressurect an old topic (subject: "cgi-bin: localhost").
Our customer still needs the change (that the web client should connect to any other cups server, not only localhost).
We need a detailed explanation what does it mean:
"you will seriously break normal authentication..."

There are already some tools existing to do the same or more functionality like the web client - remotely. Why web client cannot be modified?

What's the difficulty: too much work, too much security risk, or some incompatibility?

Thank you in advance.

Note: we cannot use "localhost" because of some host virtualization mechanism.

Peter

> oehmes at de.ibm.com wrote:
> > ...
> > the Problem we have is , we run multiple Cups Servers on one single
> > box and have somehow to manage them .would it be acceptable , if we
> > would provide a patch to fix this ? how sould we fix it , would it be
> > enough to build in a second Option in cupsd.conf to listen on one
> > port for print jobs and on another port (which can default point to
> > localhost ) for management ? or any other ideas ..  ?
>
> Listen on different ports for each server (e.g. "Listen
> localhost:8631") - the web interface will get the current local
> port number, while the external addresses can continue to use port
> 631.
>
> You *cannot* get by without the localhost interface since all of the
> client authentication code depends on it to pass local authentication
> certificates.  If you modify that code to pass it all the time, then
> you will seriously break normal authentication...
>
> --
> ______________________________________________________________________
> Michael Sweet, Easy Software Products           mike at easysw dot com
> Printing Software for UNIX                       http://www.easysw.com