[sane-devel] Remove user authorization support from net backend / saned frontend?

Thierry Huchard thierry at ordissimo.com
Sun Apr 24 19:00:17 BST 2022


This weekend, I tested a "Canon iR-ADV C568/478" which requires a user and password.
This device can block printing and scanning if authentication is not done.
Nothing is planned in the sane-escl pilot.


On 9 April 2022 18:36:26 GMT+02:00, Ralph Little <skelband at gmail.com> wrote:
> Hi,
>
> On 2022-04-08 06:19, Julian H. Stacey wrote:
> > > Or, more likely: is that the same password the individual uses to
> > > log into their system? Or to access their e-mail? Or (hopefully not)
> > > their bank account?
> > >
> > > That is why it is actually better to use no authentication, than to
> > > allow weak authentication.
> > It would be unfitting & intolerant to deny weak authentication when
> > we are ignorant of local environments.
> >
> > We don't know people's local subnets, firewalls, VPNs, local user
> > community of colleagues & co-residents & family, & their skill
> > levels (both admins to configure, & users who might [or not] have
> > skills to sniff packets, & what devices with sniffer apps might or
> > not be able to connect to subnets.
> >
> > In ignorance of user environments, we should not force others to strong
> > or none by removing weak..
> > Just offer suggestions & examples at install.
> >
> > Cheers,
>
> My personal opinion is that we should provide the best protection for our users that is reasonable whilst not significantly increasing the costs of setup for users.
> We do fairly regularly get users asking questions about how to set up the saned/net backend scenario and it is not as straightforward as it might perhaps be.
>
> I do think that this is a useful discussion however.
>
> In the current computing world, we are moving to a no-trust default, whether or not individual users believe that their network has much of a threat profile.
> Modern attacks are increasingly clever viral payloads that attempt to spread themselves throughout internal network nodes.
> I don't personally believe it likely that there are threats out there actively looking at the SANE net protocol though. Perhaps I am wrong about that. I don't know.
>
> If we can provide an alternative to what is currently supported that provides secure authentication then I believe that would be a worthwhile thing.
> We should consider backwards compatibility though with a view to eventually removing the current regime once a new, better method has been established.
> If someone were keen to take that on.
>
> We should also be considerate of any other implementations of the net protocol to see if there would be problems there. I'm thinking of some of the other language implementations.
> I do know that there is at least a Dart implementation: we had some discussion on GitLab about it some time ago. There may be others.
>
> Cheers,
> Ralph
-- 
Sent from my Android device with Ordissimo Mail. Please excuse my brevity.

