[asterisk-dev] safe Originate action

Tzafrir Cohen tzafrir.cohen at xorcom.com
Sun Oct 14 12:12:07 CDT 2007


Hi

There are a number of existing Asterisk dialers that just require the
user to generate a manager interface user, and then originate a call
through that user.

This means that the remote user (which is probably a simple phone
calling user, and not an administrator) is granted almost full control
of the PBX.

A common wisdom has been to require a dedicated proxy to originate those
calls (whereas another common "wisdom" is to ignore the problem
altogether). Is there a way to do without that proxy?

In http://bugs.digium.com/10972 I provide a proof of concept for a
manager interface user which is only allowed to make the calls allowed by
the administrator.

Those calls may only go into a specific context set in manager.conf
("context=some-context" in the user's section). However the user may
still originate calls from an arbitrary channel (except Local, which is
explicitly disabled), and that probably opens the door to problems.

I could not think of a clear way to define from which channels the user
may call. Any thoughts about that?

-- 
               Tzafrir Cohen       
icq#16849755              jabber:tzafrir.cohen at xorcom.com
+972-50-7952406           mailto:tzafrir.cohen at xorcom.com       
http://www.xorcom.com  iax:guest at local.xorcom.com/tzafrir
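
The restriction discussed in the message above, written as the check a filtering proxy could apply to each Originate request. This is an added example, not part of the original post and not the patch from bug 10972. The POLICY dictionary, the function names and the sample channel names are assumptions made for illustration; the header names are the standard Originate headers.

```python
# Added illustration: validate one AMI Originate request against a policy.
# POLICY is a constructed sample, not a set of real manager.conf options.
POLICY = {
    "context": "some-context",          # the only context calls may enter
    "channels": {"SIP/101", "SIP/102"}, # hypothetical allow-list of source channels
}

def parse_action(raw):
    """Parse one AMI message ("Key: Value" lines) into a dict with lower-case keys."""
    headers = {}
    for line in raw.replace("\r\n", "\n").split("\n"):
        if not line.strip():
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError("malformed header line: %r" % line)
        key = key.strip().lower()
        if key in headers:
            # Fail closed: a repeated header could make proxy and PBX disagree.
            raise ValueError("duplicate header: " + key)
        headers[key] = value.strip()
    return headers

def check_originate(raw, policy=POLICY):
    """Return (allowed, reason) for one request from the restricted user."""
    try:
        h = parse_action(raw)
    except ValueError as exc:
        return False, str(exc)
    if h.get("action", "").lower() != "originate":
        return False, "only Originate is permitted"
    if "application" in h or "data" in h:
        # Originate to an application never enters the dialplan context.
        return False, "Application/Data would bypass the context restriction"
    if h.get("context") != policy["context"]:
        return False, "context not permitted"
    if not h.get("exten") or not h.get("priority"):
        return False, "Exten and Priority are required"
    channel = h.get("channel", "")
    if channel.split("/", 1)[0].lower() == "local":
        return False, "Local channels are disabled"
    if channel not in policy["channels"]:
        return False, "source channel not in allow-list"
    return True, "ok"
```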


