[asterisk-dev] Asterisk Manager/Gateway Interface SOAP (gSOAP)
Gregory Nietsky
gregnietsky at gmail.com
Sat Sep 22 18:12:04 CDT 2007
critch wrote:
> My biggest concern overall is yet another port open on a default box,
> more code inclusion from outside vendors that could be exploitable, and
> the actual demand and usage of this for the majority of users. Granted
> even if this makes it into core, it will likely be selectable and just
> be yet another feature I personally disable on every build.
>
Nope, no additional ports are needed as there is a web port already open;
the webserver will be overloaded to run AJAM and SOAP.
There is obviously additional risk in that the soaplibs may allow malformatted
XML to expose the system.
For sending, i.e. userevents, there will be a registration needed (where to
send them, SSL certs/auth and the like); this will be hooked in in a
very similar way to "Action: Login".
For receiving purposes the webserver will need to authorise and pass
SOAP/XML to the SOAP routine. Pretty much everything is in a library,
minimising the changes to the core system, but certainly risky.
I'll be going ahead with it and reporting back, trying different approaches.
Going forward it is quite possible to look at a res_soap, cdr_soap ... It
is a swiss army knife and as such should only be used when needed, and
certainly be careful, it could cut.