[asterisk-dev] Developer Summit Topics

Luigi Rizzo rizzo at icir.org
Sun Oct 22 09:50:56 MST 2006 

On Sun, Oct 22, 2006 at 05:35:58PM +0100, Tim Panton wrote:
> 
> On 22 Oct 2006, at 17:02, Luigi Rizzo wrote:
...
> >> I'd like to hear a discussion of where the 'http/manager' facilities
> >> are going.
> >> At the moment they are in a limbo that makes them very tempting to
> >> use, but
> >> almost impossible to use securely (unless I've missed something).
> >
> > sorry but what do you mean by "securely" ?
> 
> Ah, lots of things :-)
> 
> Leaving aside the SSL issue. I was really thinking about request  
> filtering.
... (description below)

it seems to me that you really want to enter in the semantics
of each request that can be issued, and that seems quite tricky
to address in a generic way.
One approach that comes to mind is implement rewrite rules in
http.c (or manager.c - anyways, the rules go in one of the two .conf
files) and add a capability that lets you only issue commands
that are in the 'rewrite' list (hoping it is not too long... and hoping
the rewrite language is not too complex to implement).

anyways, good suggestion.

cheers
luigi

> Here is a concrete example:
> 	Callback - Say want to add a button to a website that initiates a call
> and you would like the user to be able to specify one end of the call  
> (typically
> their own landline).
> 	In 1.2 it is clear cut. You have to add the functionality to a  
> separate web-server
> by adding some code (php for example) to a cgi program and doing the  
> sanity
> checking there. The cgi program then invokes the manager API or adds a
> call file.
> 	In 1.4 it is _very_ tempting (especially on a resource light  
> platform) to
> try and do it via the Http manager interface and asterisk's static  
> http (+javascript)
> The problem with this is that there is now no-where to sanity check  
> the request,
> or to limit where the calls can be made. The available security (a  
> given manager
> user can either originate or not) is not fine grained enough.
> 	Of course you can put the http manager behind apache and impose
> your filtering in mod-rewrite, but that isn't any better than just  
> using current 1.2
> method, arguably it is less clear.
> 	I really want some concept of an unprivileged user (cf guest in  
> iax.conf)
> which gets some configurable defaults that they can't override - in  
> the above
> case you'd fix the context and technology for the originate command.
> 	I have not really thought through how to make a nice generic
> interface to this.
> 
> Tim Panton
> 
> www.mexuar.com
> 
> 
> 
> _______________________________________________
> --Bandwidth and Colocation provided by Easynews.com --
> 
> asterisk-dev mailing list
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-dev

More information about the asterisk-dev mailing list