Security question [#58427]

Luis Pedro Coelho luis_pedro at
Wed May 14 12:52:03 BST 2003

Hash: SHA1

Le Mercredi 14 Mai 2003 13:41, Michael Goffioul a écrit :
> At first, I allowed to change the username, than reverted it because I
> thought this might be misused regarding print quota. Letting the user
> change its identity assumes that on the other end, the CUPS server WILL
> ask for a password. If the server is not configured to ask for a password,
> any user can use any identity to print, it's really "too easy".
> For me, it's a very small code change, but I prefer to have external
> opinions before making changes.

I don't know if I understand you correctly, so I am sorry if I am 
misunderstanding you. I don't really know how cups works with regards to 

Do you mean that there is no GUI for printing using another ID bc' the server 
might be misconfigured, ie. without basic security enabled? What is stopping 
a user from using the CLI (besides the fact that they might not be aware of 
how to do it)? This really seems bad security through bad obscurity.

Besides it has the problem that you are taking functionality away for users 
with a well configured system.

The only setting where I find this could help is iin a kiosk type of env. So, 
we'd keep this a "hidden setting" which can be set by sysadmins but not by 

- -- 
Luis Pedro Coelho

check out my game of hearts for the KDE at
Version: GnuPG v1.0.7 (GNU/Linux)


More information about the kde-core-devel mailing list