[asterisk-gui] interface to list of providers

Pari Nannapaneni pari at digium.com
Thu Aug 28 08:40:45 CDT 2008


Hi Tzafrir,

> 1. Privacy implications
> Every time I use this configuration page, it reports home. 

"reports home" would be kind of a strong word.

I would agree with what you said,
 [A] if there is "a banner-Ad script served from a 3rd party website" in the gui
 [B] if the gui had some third party scripts like "google analytics"
 [C] if the script is a mashup 
     I don't think this really qualifies as a 'mashup', as there is NO WAY the script
     can read any of your cookies set by other websites. 
     - Unless you are embedding the gui in some other website via an iframe.
 [D] if the script served is obfuscated using some javascript obfuscator
 [E] OR if the script makes any XMLHttpRequest to Digium or some other website.

It's a straightforward javascript file, like the rest of the scripts in the GUI.

The only difference being that it is loaded from a different URL,
and the GUI tells the same to the user and loads the script only after taking a confirmation from the user.

Yes, the webserver's log file will contain a bunch of IP addresses which requested the js file,
but that's like saying "I won't use VOIP because the person on the other end might know my IP address".


> 2. Untested code
> This feature means I run a whole bunch of javascript code from a remote
> site. Later on some modifications in that page may break my page and I
> would not even be aware of that.

We will see what we can do about this.

Right now, the providers file is on a different svn repository.
I will see if there is a way to somehow move the providers script file into the gui repository,
so that any changes made to the file would be public.


-Pari


----- Original Message -----
From: "Tzafrir Cohen" <tzafrir.cohen at xorcom.com>
To: "Asterisk-GUI list" <asterisk-gui at lists.digium.com>
Sent: Thursday, August 28, 2008 3:36:34 AM GMT -06:00 US/Canada Central
Subject: [asterisk-gui] interface to list of providers

Hi

I noticed that with asterisk-gui 2.0 the list of providers is sourced on
each invocation from the URL https://gui-dl.digium.com/providers.js .

I have two general concerns about this:

1. Privacy implications
Every time I use this configuration page, it reports home. 

2. Untested code
This feature means I run a whole bunch of javascript code from a remote
site. Later on some modifications in that page may break my page and I
would not even be aware of that.

-- 
               Tzafrir Cohen
icq#16849755              jabber:tzafrir.cohen at xorcom.com
+972-50-7952406           mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com  iax:guest at local.xorcom.com/tzafrir
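
An added example, not part of either message and not asterisk-gui code: one way to handle the "untested code" concern is to pin the SHA-256 digest of a reviewed copy of the providers file and refuse a remote copy that differs, so a change upstream is reported instead of silently executed. The file contents, function names and fallback behaviour are assumptions; Node.js is used so the check runs offline.

```javascript
// Added example (not asterisk-gui code). Runs under Node.js so it works offline.
const { createHash } = require("node:crypto");

// Constructed stand-in for a reviewed copy of the providers file; the real
// file's contents are not shown in the thread.
const REVIEWED_COPY = "var providers = { example: { host: 'sip.example.invalid' } };\n";

// Digest in Subresource Integrity form: "sha256-" + base64(SHA-256(body)).
function sriDigest(body) {
  return "sha256-" + createHash("sha256").update(body, "utf8").digest("base64");
}

// Pin recorded at review time and shipped with the GUI (assumption).
const PINNED = sriDigest(REVIEWED_COPY);

// Decide which copy to run.
//   userConfirmed: result of the confirmation prompt described in the thread
//   remoteBody:    text fetched from the remote URL, or null if the fetch failed
// A mismatch never runs the remote text; it is reported so the admin can
// review the new version instead of finding out from a broken page.
function chooseProviders(userConfirmed, remoteBody, pinned, localCopy) {
  if (!userConfirmed) {
    return { source: "local", reason: "no-consent", body: localCopy };
  }
  if (remoteBody === null) {
    return { source: "local", reason: "fetch-failed", body: localCopy };
  }
  const actual = sriDigest(remoteBody);
  if (actual !== pinned) {
    return { source: "local", reason: "digest-mismatch", actual, body: localCopy };
  }
  return { source: "remote", reason: "digest-match", body: remoteBody };
}

// Browser-enforced form of the same pin: a script tag whose integrity
// attribute carries the digest. The remote server must send CORS headers
// for a cross-origin script with an integrity attribute to load.
function pinnedScriptTag(url, pinned) {
  return `<script src="${url}" integrity="${pinned}" crossorigin="anonymous"></script>`;
}
```

The pin only addresses the second concern: with consent given, the request to the remote host is still made and still appears in that server's log.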
