Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
vulnerability: samba password visible in cups web mangement
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
yzg
Guru
Guru


Joined: 18 Jun 2005
Posts: 463

PostPosted: Thu Jan 29, 2015 11:43 pm    Post subject: vulnerability: samba password visible in cups web mangement Reply with quote

I'm printing from Linux to a windows printer using cups. The configuration line in the /etc/cups/printers.conf file is

Code:

smb://domain/username:password@server/printer


It is working ok but the whole line including the password appears in the cups web i/f.

Is there a way to hide the password?

From this reference:
http://www.linuxtopia.org/online_books/network_administration_guides/samba_reference_guide/29_CUPS-printing_131.html

Quote:

Note that the device URI will be visible in the process list of the Samba server (e.g., when someone uses the ps -aux command on Linux), even if the username and passwords are sanitized before they get written into the log files. This is an inherently insecure option; however, it is the only one. Don't use it if you want to protect your passwords.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum