[asterisk-dev] Developer Summit Topics

Tim Panton tim at mexuar.com
Sun Oct 22 09:35:58 MST 2006 

On 22 Oct 2006, at 17:02, Luigi Rizzo wrote:

> On Sun, Oct 22, 2006 at 04:53:52PM +0100, Tim Panton wrote:
>>
>> On 22 Oct 2006, at 06:18, Joshua Colp wrote:
>>
>>> Greetings and Salutations Folks!
>>>
>>> As you all probably know we are having a Developer Summit at
>>> Astricon on the fast approaching Tuesday of next week. Participants
>>> have been chosen for the "speaking table" part of it and if you are
>>> curious about who those people are their names are listed at http://
>>> www.asterisk.org/developers/astriconusa2006devsummit. While it may
>>> seem like a small group this will work to our advantage and should
>>> allow us to focus more on what we want to discuss.
>>>
>>> Onto the real reason for this email though... what topics would you
>>> like to see discussed? It's a simple question with many answers and
>>> I'll let the thread blossom with responses :)
>>
>>
>> I'd like to hear a discussion of where the 'http/manager' facilities
>> are going.
>> At the moment they are in a limbo that makes them very tempting to
>> use, but
>> almost impossible to use securely (unless I've missed something).
>
> sorry but what do you mean by "securely" ?

Ah, lots of things :-)

Leaving aside the SSL issue. I was really thinking about request  
filtering.

Here is a concrete example:
	Callback - Say want to add a button to a website that initiates a call
and you would like the user to be able to specify one end of the call  
(typically
their own landline).
	In 1.2 it is clear cut. You have to add the functionality to a  
separate web-server
by adding some code (php for example) to a cgi program and doing the  
sanity
checking there. The cgi program then invokes the manager API or adds a
call file.
	In 1.4 it is _very_ tempting (especially on a resource light  
platform) to
try and do it via the Http manager interface and asterisk's static  
http (+javascript)
The problem with this is that there is now no-where to sanity check  
the request,
or to limit where the calls can be made. The available security (a  
given manager
user can either originate or not) is not fine grained enough.
	Of course you can put the http manager behind apache and impose
your filtering in mod-rewrite, but that isn't any better than just  
using current 1.2
method, arguably it is less clear.
	I really want some concept of an unprivileged user (cf guest in  
iax.conf)
which gets some configurable defaults that they can't override - in  
the above
case you'd fix the context and technology for the originate command.
	I have not really thought through how to make a nice generic
interface to this.

Tim Panton

www.mexuar.com

More information about the asterisk-dev mailing list