Security question [#58427]
Luis Pedro Coelho
luis_pedro at netcabo.pt
Wed May 14 12:52:03 BST 2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Le Mercredi 14 Mai 2003 13:41, Michael Goffioul a écrit :
> At first, I allowed to change the username, than reverted it because I
> thought this might be misused regarding print quota. Letting the user
> change its identity assumes that on the other end, the CUPS server WILL
> ask for a password. If the server is not configured to ask for a password,
> any user can use any identity to print, it's really "too easy".
> For me, it's a very small code change, but I prefer to have external
> opinions before making changes.
I don't know if I understand you correctly, so I am sorry if I am
misunderstanding you. I don't really know how cups works with regards to
authentication.
Do you mean that there is no GUI for printing using another ID bc' the server
might be misconfigured, ie. without basic security enabled? What is stopping
a user from using the CLI (besides the fact that they might not be aware of
how to do it)? This really seems bad security through bad obscurity.
Besides it has the problem that you are taking functionality away for users
with a well configured system.
The only setting where I find this could help is iin a kiosk type of env. So,
we'd keep this a "hidden setting" which can be set by sysadmins but not by
users.
Regards,
- --
Luis Pedro Coelho
check out my game of hearts for the KDE at
http://hearts.sf.net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQE+wi3oGpBAvyRwXdgRAnlgAJ4umM5VMn8IchqhtLkjqZAyRfnOowCgvFVv
IktCKZvYOnvswdfcKQjW69Y=
=Bqd9
-----END PGP SIGNATURE-----
More information about the kde-core-devel
mailing list