--- conf/cupsd.conf.in.orig	2010-12-09 22:24:51.000000000 +0100
+++ conf/cupsd.conf.in	2011-10-05 13:51:39.000000000 +0200
@@ -138,3 +138,25 @@ WebInterface @CUPS_WEBIF@
 #
 # End of "$Id: cupsd.conf.in 9407 2010-12-09 21:24:51Z mike $".
 #
+
+# The policy below is added by SUSE during build of our cups package.
+# The policy 'allowallforanybody' is totally open and insecure and therefore
+# it can only be used within an internal network where only trused users exist
+# and where the cupsd is not accessible at all from any external host, see
+# http://en.opensuse.org/SDB:CUPS_and_SANE_Firewall_settings
+# Have in mind that any user who is allowed to do printer admin tasks
+# can change the print queues as he likes - e.g. send copies of confidental
+# print jobs from an internal network to any external destination, see
+# http://en.opensuse.org/SDB:CUPS_in_a_Nutshell
+# For documentation regarding 'Managing Operation Policies' see
+# http://www.cups.org/documentation.php/doc-1.5/policies.html
+<Policy allowallforanybody>
+  <Limit All>
+    Order deny,allow
+    Allow from all
+  </Limit>
+</Policy>
+# Explicitly set the CUPS 'default' policy to be used by default:
+DefaultPolicy default
+# End of additions by SUSE.
+