philosophy

François Patte francois.patte at mi.parisdescartes.fr
Fri Mar 25 09:38:54 UTC 2016 

Le 24/03/2016 17:01, Christopher a écrit :
> On Wed, Mar 23, 2016 at 8:06 PM Rick Stevens <ricks at alldigital.com
> <mailto:ricks at alldigital.com>> wrote:
> 
>     On 03/23/2016 04:31 PM, George N. White III wrote:
>     > On Wed, Mar 23, 2016 at 7:57 PM, François Patte
>     > <francois.patte at mi.parisdescartes.fr
>     <mailto:francois.patte at mi.parisdescartes.fr>
>     > <mailto:francois.patte at mi.parisdescartes.fr
>     <mailto:francois.patte at mi.parisdescartes.fr>>> wrote:
> 
> [snip]
> 
>     This is a security issue. Automatically opening your firewall to permit
>     ipp and such could be inviting attacks from the outside world.
>     Obviously, if your machine is behind another firewall protecting you
>     from the big, bad Internet then yeah, there's really no problem with
>     opening up ipp and such on your _machine's_ firewall.
> 

"This is a security issue". This is the magic invocation! But in this --
configuration of a printer -- what is an alternate solution? You *must*
open the port 631! If it not automatically done while configuring cups,
you will have to open it manually! Except in the case of an usb
configuration for a local printer. Nowadays, most people have several
computers at home and only one printer for everybody, so you must have a
network computer configuration and port 631 must be open by default.

Talking about security, it would be better to talk about ssh! port 22 is
open by default in a fresh install, worse: root login is enabled by
default in ssh config file! If you want more security, ssh root login
should disabled, even (I think) only rsa authentication should be the
only way to connect through ssh! But it is not done by default when you
install fedora (or other distributions).

-- 
François Patte
UFR de mathématiques et informatique
Laboratoire CNRS MAP5, UMR 8145
Université Paris Descartes
45, rue des Saints Pères
F-75270 Paris Cedex 06
Tél. +33 (0)1 8394 5849
http://www.math-info.univ-paris5.fr/~patte

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: OpenPGP digital signature
URL: <http://lists.fedoraproject.org/pipermail/users/attachments/20160325/3fdeeaca/attachment.sig>

More information about the users mailing list