[cups.general] Is there a way to password protect the website, but not print requests?
Johannes Meixner
jsmeix at suse.de
Tue Feb 5 01:34:34 PST 2013
Hello,
On Jan 30 13:52 Paul Conklin wrote (excerpt):
> I plan on exposing my server to the internet
> via port forwarding on port 631.
> I want the CUPS WI to prompt for a username / PW,
> but not when i submit a job.
Could this mean that there is no good protection when
print jobs are submitted?
If yes, it could result that arbitrary print job data can be
submitted to your printers (e.g. by using the "-o raw" option
when the print job is submitted).
As far as I know at least some printers support firmware update
by sending them special data in the same way as ordinary printing
data. Who can change a printer's firmware can hijack the printer.
Nowadays network printers are also real computers with full
network capabilities. Someone who controls a network printer
controls a printing unit plus a computer with network access.
(Google for "network printer security risk").
Therefore it is crucial to limit access to network printer
devices to trusted users.
You may also have a look at
http://en.opensuse.org/SDB:CUPS_and_SANE_Firewall_settings
Kind Regards
Johannes Meixner
--
SUSE LINUX Products GmbH -- Maxfeldstrasse 5 -- 90409 Nuernberg -- Germany
HRB 16746 (AG Nuernberg) GF: Jeff Hawn, Jennifer Guild, Felix Imendoerffer
More information about the cups
mailing list