fake-printer is a local LAN utility. It is not a multi-tenant cloud service.
This project does not implement and will not add:
- Single Sign-On (SSO)
- OAuth / OpenID Connect
- Azure AD, Google Workspace, or similar identity providers
Printing is authenticated only by network reachability on a trusted LAN (and optionally a shared IPP token — see below).
- Bind:
0.0.0.0:8631on the host — reachable from the local network - Do not port-forward 8631 to the public internet
- Tailscale or other private overlays are acceptable; public exposure is not
IPP_SHARED_TOKEN in paperlessprinter/.env (generated from config/env.example) requires clients to send X-IPP-Token. This is a shared secret for LAN hardening, not user identity or SSO.
POST_ENDPOINT is empty by default. Print jobs are written to local spool/ and inbox/ only — no outbound HTTP POST with files or credentials.
spool/andinbox/may contain confidential documents from print jobs- These paths are gitignored — never commit them
install.jsonandpaperlessprinter/.envare gitignored (machine-specific)
Setup clones paperlessprinter (AGPL-3.0). Review that project's security model separately.
Open a private security advisory on GitHub or contact the repository owner. Do not open public issues for undisclosed vulnerabilities.
For LAN clients to connect, allow inbound:
- TCP 8631 (IPP)
- UDP 5353 (mDNS)
Run pwsh scripts/open-firewall.ps1 as Administrator on Windows.