[asterisk-bugs] [JIRA] (ASTERISK-21277) stasis-http authentication

Digium Subversion (JIRA) noreply at issues.asterisk.org
Wed Jul 3 12:23:04 CDT 2013


     [ https://issues.asterisk.org/jira/browse/ASTERISK-21277?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Digium Subversion closed ASTERISK-21277.
----------------------------------------

    Resolution: Fixed
    
> stasis-http authentication
> --------------------------
>
>                 Key: ASTERISK-21277
>                 URL: https://issues.asterisk.org/jira/browse/ASTERISK-21277
>             Project: Asterisk
>          Issue Type: New Feature
>      Security Level: None
>          Components: Core/Stasis, Resources/res_stasis_http
>            Reporter: David M. Lee
>              Labels: Asterisk12
>
> {{stasis-http}} currently does no authentication checking. The, needless to say, is a Bad Thing™.
> We should support:
> * HTTP Basic authentication
> * {{crypt(3)}} encrypted password
> * Password-less authentication (logging in using ?api_key=username)
> * Read-only users
> The sample config should be something like this:
> {code:none}
> ;[user-username]
> ;read_only = no         ; When set to yes, user is only authorized for
> ;                       ; read-only requests
> ;
> ; If a password is specified, user must authenticate using HTTP Basic
> ; authentication. If no password is specified, then the user may authenticate
> ; simply by adding ?api_key=username to their requests.
> ;
> ;password =             ; Crypted or plaintext password (see crypt_password)
> ;
> ; crypt_password may be set to crypt (the default) or plain. When set to crypt,
> ; crypt(3) is used to encrypt the password. A crypted password can be generated
> ; using mkpasswd -m sha-512.
> ;
> ; When set to plain, the password is in plaintext
> ;
> ;crypt_password = crypt
> {code}

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.asterisk.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira



More information about the asterisk-bugs mailing list