[asterisk-dev] AEL security
Philipp Kempgen
philipp.kempgen at amooma.de
Mon Mar 19 04:32:46 MST 2007
Philipp Kempgen wrote:
> Sergey Okhapkin wrote:
>
>> AEL needs to use extensions when compiling "switch" statement, asterisk
>> extensions pattern match is being used for "default" case.
>>
>> On Monday 19 March 2007 06:39, Philipp Kempgen wrote:
>>> Philipp Kempgen wrote:
>>>> It seems like AEL compiles labels into extensions.
>>>> So a users could directly dial to a label which seems
>>>> like a security risk to me. Am I missing something?
>>> Need to correct myself: AEL compiles the cases in a switch
>>> block into extensions. Labels remain untouched. But that
>>> doesn't make it any better.
>
> Features are not an excuse for weak security. :P
And although it is implemented this way the AEL compiler could
use something like this for the default case:
exten => 123,n,GotoIf($["${switchvar}" = "BUSY"]?user_busy)
exten => 123,n,GotoIf($["${switchvar}" = "NOANSWER"]?user_unavail)
exten => 123,n,Goto(default)
Regards,
Philipp
--
amooma GmbH - Bachstr. 126 - 56566 Neuwied - http://www.amooma.de
Let's use IT to solve problems and not to create new ones.
Asterisk? -> http://www.das-asterisk-buch.de
Geschäftsführer: Stefan Wintermeyer
Handelsregister: Neuwied B 14998
More information about the asterisk-dev
mailing list