Gentoo Forums :: View topic - vulnerability: samba password visible in cups web mangement

vulnerability: samba password visible in cups web mangement

View unanswered posts
View posts from last 24 hours

Gentoo Forums Forum Index

Networking & Security

View previous topic :: View next topic

Author

Message

yzg
Guru
Guru

Joined: 18 Jun 2005
Posts: 493

Posted: Thu Jan 29, 2015 11:43 pm Post subject: vulnerability: samba password visible in cups web mangement

I'm printing from Linux to a windows printer using cups. The configuration line in the /etc/cups/printers.conf file is

Code:

smb://domain/username:password@server/printer

It is working ok but the whole line including the password appears in the cups web i/f.

Is there a way to hide the password?

From this reference:
http://www.linuxtopia.org/online_books/network_administration_guides/samba_reference_guide/29_CUPS-printing_131.html

Quote:

Note that the device URI will be visible in the process list of the Samba server (e.g., when someone uses the ps -aux command on Linux), even if the username and passwords are sanitized before they get written into the log files. This is an inherently insecure option; however, it is the only one. Don't use it if you want to protect your passwords.

Display posts from previous:

	Gentoo Forums Forum Index Networking & Security	All times are GMT
Page 1 of 1

Jump to:

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Copyright 2001-2024 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy