Lack of encryption is a security issue that's no different from any other protocol on a LAN (like NFS). If you don't trust the LAN then you tunnel the connection through SSH, VPN, etc. My major problem with scanner access was the device permissions: http://jhansonxi.blogspot.com/2010/10/scanner-access-enabler.html
Alternative solution - PHP Server Scanner: http://ubuntuforums.org/showthread.php?t=1519201&page=11 This is a PHP re-write of Linux Scanner Server (http://scannerserver.online02.com). I created some patches for LSS but the PHP version has more features (and is probably more maintainable). My patch for LSS is at: http://jhansonxi.blogspot.com/2010/10/patch-for-linux-scanner-server-v12.html Either is much better than phpSANE. Also, just noticed this: http://wiki.amahi.org/index.php/Scanner_Server There are probably other solutions out there also (like the Avahi integration which didn't function when I tried it on Lucid). > From: Martin Owens <docto...@gmail.com> > To: Julien BLACHE <jbla...@debian.org> > Date: Tue, 25 Oct 2011 19:28:49 -0400 > Subject: Re: libsane and acl group selection in udev rules > You seem to be saying it's not legacy, and then saying that it should be > legacy? I'm confused because the documentation/enablement is so poor a > systems administrator can not currently use saned whether he is informed > or ill-informed about it's security implications. > > If it has security problems, then just say it's disabled and can be > enabled thusly, report a bug upstream about it's crappness and how it > should use ssl, gpg etc. Otherwise we have a feature that sounds > dangerous (could blow up in your face) and is so difficult to set up > that setting it up looks like a big fat packaging bug. > > Surely normal operation shouldn't look like a bug, regardless of how > carefully you want systems administrators to consider the security of > their system? > > Martin, > > On Tue, 2011-10-25 at 17:57 +0200, Julien BLACHE wrote: > Pretty much the only safe and correct use case that exists for saned > is > within LTSP (and local use for scanners that can't be used as user, > like > some parallel port scanners). > > And even then, data is sent unencrypted so it is not suitable for use > with sensitive documents. > > If you really want to share a scanner, the correct solution is scan & > send (either mail or private network share), not saned. Most of the > time > you'll just end up using an old workstation and have users log into > it, > scan their documents and save them to their network share. > > -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
