[Asterisk-Dev] Re: Asterisk manager proxy/XML -- Use of imap proxy code (fwd)

Olle E. Johansson oej at edvina.net
Fri Mar 18 06:23:30 MST 2005


David Troy wrote:
> I have experience with another similar proxy called 'imapproxy' which is 
> a proxy for web-based IMAP mail clients; it's very compact, written in 
> C, and has a lot of the other features we need.  I actually contacted 
> the author of that code to see if he'd mind us using it and also get 
> some tips on how it's put together.  His (positive) response is below.

The only problem is, once again, the license. If we want something in cvs,
we need a disclaimer to Digium. However, we can build on his experience.
A really good example! Thank you for finding it. And good advice from 
him as well.

Do we have more proxies out there we can look at?

> As for the definite lack of security on simpleproxy.pl, it is intended 
> to be a big security hole as written.  :)  My notion would be that you 
> would set it to listen on 127.0.0.1 only, and/or put it in some other 
> secured environment, let it login for you once, and then your scripts 
> (which are trusted, right, because they can reach your trusted manager 
> interface?) can talk to the proxy without all the overhead of logging in 
> on every connect, etc...

The problem is always that non-security aware users grab hold of software
and open up holes with it, afterwards blaming you... Simpleproxy.pl is a 
good piece of software, we only need to inform users about this lack of 
security in it. My main concern about it is scalability, that's why I'm 
trying to find other ways forward.

> Anyway, I think that imapproxy would be a great basis for a long term 
> proxy/xml interface for Manager.  I haven't had time to mess with it but 
> have a project now that might warrant it.  I'd appreciate your thoughts.
Let us think about what we need and see if we can start coding 
something. As I started this discussion (kicked by Mark), I'll try to 
put together a draft document we can discuss on the list. Your and 
Nicolas input on this, since you're the two brains behind the current 
proxy, is very important to me.

Best regards,
/O




More information about the asterisk-dev mailing list