Jump to content
Ultimaker Community of 3D Printing Experts

Password Protecting Printer on Network


Recommended Posts

Posted · Password Protecting Printer on Network

Are there any updates on thing topic?

We are using a UM S5 and need to prevent people from accessing the Eventlog, Cura Connect etc. via the web UI.

A simple password protection would do the job for us.

Does anyone have a simple solution?

  • Like 1
Link to post
Share on other sites
Posted · Password Protecting Printer on Network
15 minutes ago, M246T said:

Are there any updates on thing topic?

We are using a UM S5 and need to prevent people from accessing the Eventlog, Cura Connect etc. via the web UI.

A simple password protection would do the job for us.

Does anyone have a simple solution?

 

On the current firmware release this is not possible. You could put a firewall in front of the printer (or separate it in a subnet) to prevent access to the web UI. In the Essentials IT admin learning course this is explained in more details.

  • Link to post
    Share on other sites
    • 1 month later...
    Posted · Password Protecting Printer on Network
    1 hour ago, yigitdurmus said:

    Is it so hard to implement that feature???

     

    Firstly, it is not trivial, because we are dealing with a security model that touches the physical and digital domains. For example adding a password to prevent stopping a print job via the local web UI does not add much value, because anyone could walk up to the printer and do it via the display as well. As a result, you'd also have to deal with authentication on the printer itself, which is much harder due to limited input possibilities (no one really wants to enter a full password on such a small screen). The embedded team is working on some options, but there not just not there yet.

     

    Secondly, it is actually not very secure, because in the local networking you cannot deploy HTTPS (this standard requires domain names, it does not work with IP addresses). So any password entered will be sent in plain-text over the local network from your browser to the printer. Very easy to intercept. You also have to store this password then on the printer. Doing SSH into the printer firmware when it's in developer/debug mode then allows you to find these passwords on the file system. Even if that's encrypted, you'd still have plenty of points to start reverse engineering them.

     

    Thirdly, adding authentication to the local web UI is not in line with our future direction. We're implementing all new functionality in the cloud-based Digital Factory, which has proper authentication, two-factor authentication, and way more options to expand upon. The local web UI is mainly there for legacy reasons. For those customers who require that UI to be not accessible, the firewall option works fine.

     

    Hopefully this gives you some insight into our line of thinking, and why we very likely will not add password protection to the local web UI.

    • Like 3
    Link to post
    Share on other sites
    Posted (edited) · Password Protecting Printer on Network
    On 10/14/2020 at 4:58 PM, ctbeke said:

     

     As a result, you'd also have to deal with authentication on the printer itself, which is much harder due to limited input possibilities (no one really wants to enter a full password on such a small screen). The embedded team is working on some options, but there not just not there yet.

     

     

    Sorry but i totaly disagree...


    For example:

    Printer stands in a seperate room (acess just for autorisated persons)

    But printer is in the local network so that i can monitor it.

    But so everbody else can watch and change things who have acess to the network.

    The room have a door with a simple thing named key 😄

     

    So a simple password protection at the webserver would be a solution for me.

    Like every other Network device I know provide (Cameras, diskstations, Octoprint 😉)

     

    I don't understand why proposals like this always are "impossible".

    The customers who really use your product are the best developer team.
    For free of course.

    I think ultimaker have to be happy to get this feedback.

    Its the best and practical
    feedbak you can get.

     

     

    I just don't know how to say that...

    You get from us:

    Password protection (just at the web server) would be a nice solution to me.

     

    You say:
    Sorry password just on the webserver is no solution for you...

    Edited by Jonas98
  • Link to post
    Share on other sites
    Posted · Password Protecting Printer on Network
    47 minutes ago, Jonas98 said:

    just don't know how to say that...

    You get from us:

    Password protection (just at the web server) would be a nice solution to me.

     

    You say:
    Sorry password just on the webserver is no solution for you...

     

    I don't think that is a correct summary of what ctbeke was saying. We are looking into security features, but only a password for the web would be just half a solution for everyone who doesn't have their printer locked up in a room. And having only half security is like no security at all. So instead, we are investing this security issue from a wider perspective, so hopefully it will deliver a solution to every user who needs more security. 

     

    If you are suggesting our development team should develop every feature request we get from a user I don't you'll ever see a new product from us ever again and a very strange user interface (based on everyone's individual needs & preferences, but launched for everyone). Instead we hear your request for security, and our response is that we are looking into it but it is not as easy as you might think. Hope this helps to create some perspective! 

  • Link to post
    Share on other sites
    Posted (edited) · Password Protecting Printer on Network
    2 hours ago, SandervG said:

     

    I don't think that is a correct summary of what ctbeke was saying. We are looking into security features, but only a password for the web would be just half a solution for everyone who doesn't have their printer locked up in a room. And having only half security is like no security at all. So instead, we are investing this security issue from a wider perspective, so hopefully it will deliver a solution to every user who needs more security. 

     

    If you are suggesting our development team should develop every feature request we get from a user I don't you'll ever see a new product from us ever again and a very strange user interface (based on everyone's individual needs & preferences, but launched for everyone). Instead we hear your request for security, and our response is that we are looking into it but it is not as easy as you might think. Hope this helps to create some perspective! 

     

    I know what you mean.

    And yes its not possible to develop a software for the need of every user.

    But the claim should be the goal.


    But a Password Protection just at the webserver ist not a "half" solution in my opinion.

    And also nothing special.

     


    Its just normal that a webserver have a password.

    My camera at home have a webserver password.

    Also if you can go to the camera and kick it from the wall 😄

    The printer stands somewhere. Nobody is going to the printer to do something with it or watch it.
    But watching this thing while sittion at your working space without standing up...This is what people do....And this would be no longer possible with a webserver password.

     

    If there is a feature to protect the display too in the future ...That would be not a bad thing.

    But as long there is no solution for this... Just a webserver pasword would be a better protection than just nothing 😄

     

     

    Edited by Jonas98
  • Link to post
    Share on other sites
    Posted · Password Protecting Printer on Network

    "Only network security is only half security and that equals no security." that is just a cheap excuse which could as well be phrased as "we dont even have the completly mandatory network security". the priority of network security comes only slightly below the priority to prevent fire hazzard caused by the machine. unacceptable/unuseable/the absolute standard.

  • Link to post
    Share on other sites
    Posted · Password Protecting Printer on Network
    3 hours ago, msengelm said:

    "Only network security is only half security and that equals no security." that is just a cheap excuse which could as well be phrased as "we dont even have the completly mandatory network security". the priority of network security comes only slightly below the priority to prevent fire hazzard caused by the machine. unacceptable/unuseable/the absolute standard.

     

    You'll be happy to hear then that an upcoming firmware release will allow you to enable a firewall, blocking all incoming traffic from the local network. This is full, 100%, network security, whereas passwords are definitely not. By enabling this firewall, users are forced to print either via USB (physical security can prevent access to this if needed), or by using the Digital Factory, which has full user management and access management in place (especially if you're a company on an Ultimaker Essentials subscription).

     

    So we take security very seriously and are doing continuous improvements in this area, as expected by more and more demanding customers as this industry matures. We just don't want to implement features that give a false sense of security.

    • Like 2
    Link to post
    Share on other sites

    Create an account or sign in to comment

    You need to be a member in order to leave a comment

    Create an account

    Sign up for a new account in our community. It's easy!

    Register a new account

    Sign in

    Already have an account? Sign in here.

    Sign In Now
    ×
    ×
    • Create New...