[asterisk-dev] safe Originate action
Tzafrir Cohen
tzafrir.cohen at xorcom.com
Sun Oct 14 12:12:07 CDT 2007
Hi
There are a number of existing Asterisk dialers that just require the
user to generate a manager interface user, and then originate a call
through that user.
This means that the remote user (which is probably a simple phone
calling user, and not an administrator) is granted almost full ocntorl
of the PBX.
A common wisdom has been to require a dedicated proxy to originate those
calls (whereas another common "wisdom" is to ignore the problem
altogether). Is there a way to do without that proxy?
In http://bugs.digium.com/10972 I provide a proof of concept for a
manager interface user whis is only allowed to make the calls allowed by
the administrator.
Those calls may only go into a specific context set in manager.conf
("context=some-context" in the user's section). However the user may
still originate calls from an arbitrary channel (except Local, which is
explicitly disabled), and that probably opens the door to problems.
I could not think of a clear way to define from which channels the user
may call. Any thoughts about that?
--
Tzafrir Cohen
icq#16849755 jabber:tzafrir.cohen at xorcom.com
+972-50-7952406 mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com iax:guest at local.xorcom.com/tzafrir
More information about the asterisk-dev
mailing list