Closed ThierryHFR closed 4 years ago
tillkamppeter
commented
4 years ago Thank you for the patch. It should not be a security problem to poll the scanner capabilities unencrypted, as we do not have confidential data of the user, but data which is part of a published hardware device, it is the same in each copy of this model. Has someone suffering issue #34 already tested it?
alexpevzner
commented
4 years ago @tillkamppeter,
this is communication internal communication between ippusbxd and the device over USB. It cannot be encrypted.
In theory, there can be HTTP-level authentication. But I don't believe it is used in practice, because it is hard to imagine how usable logistics of authentication credentials to the IPP-over-USB daemon can be implemented.
tangyanli
commented
4 years ago @Ordissimo I tested the Ordissimo:master this morning. The issue still exists. Here is the log.
ThierryHFR
commented
4 years ago Thank you, rezerza, We've moved on, this time the capabilities file is received. I made a patch if you can test it?
tangyanli
commented
4 years ago @Ordissimo This is the log based on "Delete iteration GET request". The issue still exists.
ThierryHFR
commented
4 years ago Thank you very much @tangyanli ! Can you test again?
tangyanli
commented
4 years ago Ok, I will test it tomorrow. Hope it is fixed. :-)
tangyanli
commented
4 years ago @Ordissimo I tested it on Ubuntu20.04 & Debian10 eSCL is advertised well. Thanks.
ThierryHFR
commented
4 years ago @tangyanli Thanks for the tests!
@tillkamppeter #34 is resolved:
tillkamppeter
commented
4 years ago Thank you very much for this pull request, I have merged it now.
Try to solve the issue #34 Authentication has been removed. The request is still made in clear text. HEAD requests are deleted Thanks to @alexpevzner for these ideas