LinuxQuestions.org
Old 08-11-2011, 12:27 PM   #1
jtwdyp
Member
 
Registered: Apr 2011
Distribution: antiX, Mageia, OpenSUSE, etc... I multi-boot
Posts: 36

Rep: Reputation: 0
localhost631 (cups) opera warns admin password will be sent unencrypted?


To do anything worthwhile in the CUPS http interface I always need to enter my root password... I never thought much about it when I went there with Firefox. But I recently happened to be running Opera when I wanted to change the printer default option to grayscale, and when the admin login prompt popped up, Opera warned in red letters,
"Your password will be sent unencrypted"

I'm not really sure I understand this correctly, but even if Opera's warning is correct, and when I log in as root to localhost631 to change some printer settings my root password really is always sent without encryption, I'm hoping that since localhost is in fact the computer I'm running, it should be rather difficult for somebody to acquire my root password from this unencrypted transmission????

I mean I find it hard to believe that the official CUPS interface would really want to expose the admin password.

I guess my question is what's the risk?
 
Old 08-11-2011, 05:04 PM   #2
qlue
Member
 
Registered: Aug 2009
Location: Umzinto, South Africa
Distribution: Crunchbangified Debian 8 (Jessie)
Posts: 747
Blog Entries: 1

Rep: Reputation: 172Reputation: 172
Since the 'connection' is not traveling over any wires etc. the risk is about the same as entering your password at any other time except in one way. Any process 'listening' on local host can grab the password whereas in most situations the only way would be to scan the keyboard.
The good (and bad) news is, if you have malware running on your system that would use this for the wrong reason, (e.g. a rootkit) you already have a compromised system with a much greater security risk.
But you should not be running as root to begin with. You should be using your user password which limits exposure to root processes and provides better options for tracking unauthorised use. (which is probably what you meant by 'root' password right?)
 
1 members found this post helpful.
Old 08-12-2011, 08:01 AM   #3
jtwdyp
Member
 
Registered: Apr 2011
Distribution: antiX, Mageia, OpenSUSE, etc... I multi-boot
Posts: 36

Original Poster
Rep: Reputation: 0
Quote:
Originally Posted by qlue
Since the 'connection' is not traveling over any wires etc. the risk is about the same as entering your password at any other time except in one way. any process 'listening' on local host can grab the password whereas in most situations the only way would be to scan the keyboard.
Methinks anyone good enough to hack into a Linux system, is probably good enough to scan the keyboard so I don't think I'll worry too much about that diff...

Quote:
Originally Posted by qlue
The good (and bad) news is, if you have malware running on your system that would use this for the wrong reason, (e.g. a rootkit) you already have a compromised system with a much greater security risk.
Yup. Not too sure how I'd know if my system was so compromised... But unless Firefox and/or opera will install a "rootkit" if I click on the wrong link? I doubt my system is overly at risk...

Quote:
Originally Posted by qlue
But you should not be running as root to begin with. You should be using your user password which limits exposure to root processes and provides better options for tracking unauthorised use. (which is probably what you meant by 'root' password right?)
Actually here I have a slightly different theory... I agree that running as root is a dumb idea. But I always "have" a root account {even on Ubuntu systems} and set targetpw in the sudoers file on the theory that using the same "generic" password that I type as often as I do my basic login password is something that sooner or later I'll get too lazy to remember to make sure nobody is looking over my shoulder... I mean it's not like somebody has to wait till I'm doing a root function to see me typing in the regular password. Whereas when I'm about to do root level functions, I treat it like a loaded gun. It's dangerous, worthy of extra caution. I tend to look behind me first. If the developers who say we shouldn't use root's password to do root functions, figured out how to give users a two level password system so that the sudo password would be neither root's nor the one used just to login quickly to check for new mail before leaving for the day, I'd want to know about it...

But in any case thanks for putting my mind at ease about the cups interface.
 
Old 08-12-2011, 09:11 AM   #4
mike_rhce
Member
 
Registered: Jun 2011
Posts: 164

Rep: Reputation: Disabled
Actually, it's fairly easy to set up a regular user as a "Print Administrator" -- the key is the SystemGroup directive in /etc/cups/cupsd.conf

For example, if it's

SystemGroup sys root

You could add desired print admins to the sys group with a command like

groupmod -a -U user1 sys

Of course, it may be better to use the pre-existing lp group for that purpose -- add that to the SystemGroup directive, and then use the groupmod command to add desired users to that group.
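
An added example, not part of the original post: a small audit that reads the SystemGroup directive discussed above to show who can administer CUPS, and flags any Listen/Port directive that would expose the admin password prompt beyond the local machine. The function names, the sample configuration and the 192.0.2.10 address are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). The config path is a parameter: the
# thread uses /etc/cups/cupsd.conf; newer CUPS releases keep SystemGroup in
# cups-files.conf instead.

# Constructed sample configuration, for illustration only.
sample_cupsd_conf() {
cat <<'EOF'
# constructed sample
SystemGroup sys root
Listen localhost:631
Listen /var/run/cups/cups.sock
Listen 192.0.2.10:631
EOF
}

# Print every group named on a SystemGroup line, one per line.
cups_system_groups() {
    awk 'tolower($1) == "systemgroup" { for (i = 2; i <= NF; i++) print $i }' "$1" | sort -u
}

# Print Listen/Port directives that accept connections from other hosts,
# i.e. where the admin password could cross a real network unencrypted.
cups_nonlocal_listeners() {
    awk '
        tolower($1) == "port" { print; next }    # Port N binds all interfaces
        tolower($1) == "listen" {
            a = tolower($2)
            if (a ~ /^\//) next                  # UNIX domain socket
            if (a ~ /^(localhost|127\.[0-9.]+|\[::1\])(:[0-9]+)?$/) next
            print
        }' "$1"
}

# Show who is in each admin group. Field 4 of the group entry lists
# supplementary members only; users with it as primary group are not shown.
cups_admin_report() {
    for g in $(cups_system_groups "$1"); do
        printf '%s: %s\n' "$g" "$(getent group "$g" | cut -d: -f4)"
    done
}

conf=$(mktemp)
sample_cupsd_conf > "$conf"
echo "Admin groups and members:"; cups_admin_report "$conf"
echo "Listeners reachable from other hosts:"; cups_nonlocal_listeners "$conf"
rm -f "$conf"
```

An empty second list means the web interface is only reachable over loopback or the local socket, which is the situation the thread describes.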
 