Zdenek Dohnal wrote: > On 1/16/23 12:31, Björn Persson wrote: > > Robert Marcano via devel wrote: > >> The admin can implement CUPS > >> authentication but an ipp://localhost:60000 open port entirely open to > >> anyone on the local machine to submit print jobs directly bypassing CUPS. > > > > In that case it's also accessible to all the untrusted Javascript junk > > that regularly runs in the user's browser. Because IPP is built on HTTP, > > a Javascript program can tell the browser to send an IPP request. What > > has been done to secure those "virtual printer devices" against DNS > > rebinding attacks? > > https://en.wikipedia.org/wiki/DNS_rebinding > > I'll ask IPP-USB upstream about it, stay tuned.
What did upstream answer? Björn Persson
pgp52ZeVNAUhQ.pgp
Description: OpenPGP digital signatur
_______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
