
Cyber Security of Octoprint Servers

Hi,

I am trying to get my employer to let me network our Prusa printers using OctoPrint; however, I have been asked the questions below by our cyber security team. I love the software and have used it in a previous company. Hopefully @foosel might see this and be able to help.

  1. How is the information sent to the Octoprint servers and then to the printer secured? (is it encrypted?)

  2. Who owns the Octoprint servers and where are they based?

  3. Who has access to the data sent through the Octoprint system? (Does anyone have the rights to the data?)

  4. How are OTA firmware updates ensured to be secure, i.e. that they are what I sent and not malicious?

  5. Can the OTA firmware updates feature be disabled?

  6. Has anyone else had any experience of using Octoprint within a large organisation?

I have looked on the forum and FAQ but haven't managed to find definite answers that I can present back as evidence.

Kind Regards

Adam Thickett

With all the server questions (1-3): OctoPrint is self-hosted, so you install the server on your device and have full control over it. You own it, and it is based right in front of you. No data leaves that server unless you make it do so.

If you mean servers that run the OctoPrint websites, on *.octoprint.org, that depends on which ones - if this is what you want then all the privacy policies etc. are linked on the individual sites.

Updates (5-6): the updates are all run through the GitHub API, and the entire software update plugin can be disabled. None of the updates happen automatically either. All API requests to check for updates use https, as would downloading and installing them.

Hi @Charlie_Powell,

Thanks for the very clear and awesome answers. I had misunderstood how the OctoPi worked but now it is much clearer. I was under the impression that the OctoPi software ran through a web-based server system. I can now see that the data security is much better than I thought.

Hopefully this will help me persuade my business to let me use the software.

Thanks

Adam

Just a small addition to the above:
OctoPrint and OctoPi are separate projects.
OctoPrint is the software that helps control your 3D printer.
OctoPi is a Linux distribution based on Raspbian (and thus, Debian) to run on a Raspberry Pi that already includes OctoPrint plus everything you need to run it.
Both are Free Open Source Software.
