--- conf/cupsd.conf.in.orig	2010-11-12 09:04:07.000000000 +0100
+++ conf/cupsd.conf.in	2010-11-12 09:16:14.000000000 +0100
@@ -124,3 +124,25 @@ DefaultAuthType Basic
 #
 # End of "$Id: cupsd.conf.in 9310 2010-09-21 22:34:57Z mike $".
 #
+
+# The policy below is added by openSUSE/Novell during build of our cups package.
+# The policy 'allowallforanybody' is totally open and insecure and therefore
+# it can only be used within an internal network where only trused users exist
+# and where the cupsd is not accessible at all from any external host, see
+# http://en.opensuse.org/SDB:CUPS_and_SANE_Firewall_settings
+# Have in mind that any user who is allowed to do printer admin tasks
+# can change the print queues as he likes - e.g. send copies of confidental
+# print jobs from an internal network to any external destination, see
+# http://en.opensuse.org/SDB:CUPS_in_a_Nutshell
+# For documentation regarding 'Managing Operation Policies' see
+# http://www.cups.org/documentation.php/doc-1.4/policies.html
+<Policy allowallforanybody>
+  <Limit All>
+    Order deny,allow
+    Allow from all
+  </Limit>
+</Policy>
+# Explicitly set the CUPS 'default' policy to be used by default:
+DefaultPolicy default
+# End of additions by openSUSE/Novell.
+