yzg Guru
Joined: 18 Jun 2005 Posts: 493
|
Posted: Thu Jan 29, 2015 11:43 pm Post subject: vulnerability: samba password visible in cups web mangement |
|
|
I'm printing from Linux to a windows printer using cups. The configuration line in the /etc/cups/printers.conf file is
Code: |
smb://domain/username:password@server/printer
|
It is working ok but the whole line including the password appears in the cups web i/f.
Is there a way to hide the password?
From this reference:
http://www.linuxtopia.org/online_books/network_administration_guides/samba_reference_guide/29_CUPS-printing_131.html
Quote: |
Note that the device URI will be visible in the process list of the Samba server (e.g., when someone uses the ps -aux command on Linux), even if the username and passwords are sanitized before they get written into the log files. This is an inherently insecure option; however, it is the only one. Don't use it if you want to protect your passwords.
|
|
|