smb backend: password disclosure ?
Michael Sweet
mike at easysw.com
Tue Oct 17 09:58:38 PDT 2006
Andriy Gapon wrote:
> I am using CUPS to print to Windows printer accessible over SMB. I have configured smb backend with proper URI that includes username and password. Everything works fine.
>
> But I am concerned that I [and any other unpriveleged user] can see the full URI including the samba password without any prior authentication if I either use CUPS Web interface and go to "Manage Printers" page or if I use KDE printer configuration.
>
> Doesn't this amount to a password disclosure ?
> Or am I doing something wrong ?
If you use a proper URI, CUPS will sanitize the URI that is disclosed
to not have any username and password information. That means putting
the username and password at the front of the URI, e.g.:
smb://username:password@workgroup/server/share
--
______________________________________________________________________
Michael Sweet, Easy Software Products mike at easysw dot com
Internet Printing and Document Software http://www.easysw.com
More information about the cups
mailing list