[cups.general] hiding unwanted printers
henri
henri at stmargarets.school.nz
Thu Sep 11 21:56:12 PDT 2008
This is good point!
> By the way:
> Let untrusted users "connect his own machine" (where he is "root")
> can result arbitrary problems (e.g. because each machine is its
> own ARP server and usually the other machines blindly trust
> ARP replies, he can fake to be whatever server - with a 50%
> likelihood).
PrintAgent can use SSL certificates to secure user password traversing
the network to untrusted servers. However, this will not stop data
going to any rouge printservers operating on your network. CUPS will
come up with some way to deal with these issues. Who knows maybe they
will opt for some sort of SSL certificate model?
Bottom line; If you have machines on your network to which people have
root access on, then there are going to be security issues.
Good quality networking gear will assist you. But, it would be best to
keep these users on a separate network if at all possible.
There is a saying, that goes something along the lines of "a secure
computer is powered off and then placed inside concrete so it can not
be easily accessed." In addition, shooting this out into space will
make it even more difficult for people on earth to heck this concrete
box.
Seriously, Kerberos is option to deal/address these issues.
Hope this helps.
Related Links :
Kerberos : http://www.web.mit.edu/Kerberos/
PrintAgent : http://www.lucidsystems.org/printingworks/PrintAgent
More information about the cups
mailing list