[asterisk-gui] interface to list of providers

Andrew Latham Andrew.Latham at TuxTone.com
Thu Aug 28 16:03:28 CDT 2008 

Two Ideas...

1. This is a silly thought but can the providers offer a file for
their service and the user has the option of updating all vendors.
Then you can have Digium Partners as an option so that it will get all
the partners settings at once.

2. SVN update the file....


I feel for all sides of this small issue.  What is the best way to
enable the user?  Are the ITSPs going to behave themselves with an
open option like #1 above?  Will Bullwinkle get out of his trap in
time to save Rocky.....





On Thu, Aug 28, 2008 at 4:53 PM, bkruse <bkruse at digium.com> wrote:
>
> I suppose so. The problem is that is defeating the _very_ reason we
> implemented this, so that
> we can make updates to the providers list in real time.
>
> -Brandon
>
> Klaus Ruebsam wrote:
>> How about a
>>
>> ------------------
>> Feature request:
>>
>> Additional Field somewhere underneath
>>
>> Options -> General Preferences
>>
>> By default pointing to the JS-file at DIGIUM. But everyone may be free to
>> wget that JS-file manually, place it somewhere on his own web-server and
>> change the above entry field to point to that own webserver. IMHO the
>> corresponding value (URL) should be stored somewhere within
>> /etc/asterisk/http.conf
>>
>> Action required:
>> 1. Add additional variable within http.conf somewehere underneath the
>> [general] section, let´s call it
>>
>> providersinfo = https://gui-dl.digium.com/providers.js
>>
>> No change within Asterisk itself required as variable gets only read by the
>> GUI
>>
>>
>> 2. Wihtin the above mentioned menue-section of the GUI an additional
>> inputfield (keep it long enough) plus a button, named "Default" or "DIGIUM"
>> that would overwrite the field with
>> "https://gui-dl.digium.com/providers.js". The JS-file as of the release date
>> of the GUI version used, may additionally be saved (during installation of
>> the GUI) somewhere underneath http://myasterisk:8088/asterisk/static/config/
>> making an additional and initial wget of the file no longer necesary.
>> ------------------
>>
>> How about that one? That should make all of us happy, shouldn´t it? And
>> implementation shouldn´t be that difficult.
>>
>>
>> Best regards,
>>
>> Klaus
>>
>>
>>
>> -----Ursprüngliche Nachricht-----
>> Von: asterisk-gui-bounces at lists.digium.com
>> [mailto:asterisk-gui-bounces at lists.digium.com] Im Auftrag von bkruse
>> Gesendet: Donnerstag, 28. August 2008 21:00
>> An: Asterisk GUI project discussion
>> Betreff: Re: [asterisk-gui] interface to list of providers
>>
>> The whole idea behind this is that we _can_ push updates of Service
>> Providers.
>>
>> We will test this internally, but it is better than the alternative (having
>> a provider that does not work when they are certified to work)
>>
>> Not to mention this will rarely happen.
>>
>> As far as the remote thing, it is an equiv of a "wget", what about when you
>> go to sites and you see "request pages from analytics.google.com", or
>> requesting advertising javascript files. If you are worried about javascript
>> security, and your overall security, there are much better, and more
>> vulnerable, places to start at.
>>
>> -bk
>>
>> Pari Nannapaneni wrote:
>>
>>>> Not to get into semantics:
>>>>
>>>> The obvious fact is that the local page gets information from a
>>>> remote page. For the purpose of usage statistics, maybe even a simple
>>>> data file or an image would do the same.
>>>>
>>>>
>>> Sure, i think having discussions about any security/privacy concerns are
>>>
>> always a good thing.
>>
>>>
>>>
>>>> This still does not address the original issue.
>>>> Also note that the URL should be HTTPS or use some other equivalent
>>>> messure to protect from DNS spoofs and such.
>>>>
>>>>
>>> It is a HTTPS URL with a valid SSL cert.
>>>
>>> thanks,
>>> -Pari
>>>
>>>
>>> ----- Original Message -----
>>> From: "Tzafrir Cohen" <tzafrir.cohen at xorcom.com>
>>> To: asterisk-gui at lists.digium.com
>>> Sent: Thursday, August 28, 2008 1:11:28 PM GMT -06:00 US/Canada
>>> Central
>>> Subject: Re: [asterisk-gui] interface to list of providers
>>>
>>> On Thu, Aug 28, 2008 at 08:40:45AM -0500, Pari Nannapaneni wrote:
>>>
>>>
>>>> Hi Tzafrir,
>>>>
>>>>
>>>>
>>>>> 1. Privacy implications
>>>>> Every time I use this configuration page, it reports home.
>>>>>
>>>>>
>>>> "reports home" would be kind of a strong word.
>>>>
>>>> I would agree with what you said,
>>>>  [A] if there is 'a banner-Ad script served from a 3rd party website"
>>>> in the gui  [B] if the gui had some third party scripts like "google
>>>>
>> analytics"
>>
>>>>  [C] if the script is a mashup
>>>>      I don't think this really qualifies as a 'mashup', as there is NOWAY
>>>>
>> the script
>>
>>>>      can read any of your cookies set by other websites.
>>>>      - Unless you are embedding the gui in someother website via an
>>>>
>> iframe.
>>
>>>>  [D] if the script served is obfuscated using some javascript
>>>> obfuscator  [E] OR if the script makes any XMLhttprequest to Digium or
>>>>
>> some other website.
>>
>>>> Its straight forward javascript file, like the rest of the scripts in the
>>>>
>> GUI.
>>
>>>>
>>>>
>>> Not to get into semantics:
>>>
>>> The obvious fact is that the local page gets information from a remote
>>> page. For the purpose of usage statistics, maybe even a simple data
>>> file or an image would do the same.
>>>
>>> A quick grep before posting this message showed me that this was the
>>> only case of such a "remote" content.
>>>
>>> It also means that part of the functionality is not available if the
>>> system has no internet access (or is behind a very strict firewall).
>>>
>>>
>>>
>>>> The only difference being that it is loaded from a different URL, and
>>>> the GUI tells the same to the user and loads the script only after
>>>> taking a confirmation from the user.
>>>>
>>>> Yes, the webserver's log file will contain a bunch of IP addresses
>>>> which requested the js file, but thats like saying "i won't use VOIP
>>>>
>> because the person on the other end might know my IP address".
>>
>>>>
>>>>
>>>>> 2. Untested code
>>>>> This feature means I run a whole bunch of javascript code from a
>>>>> remote site. Later on some modifications in that page may break my
>>>>> page and I would not even be aware of that.
>>>>>
>>>>>
>>>> We will see what we can do about this.
>>>>
>>>> Right now, the providers file is on a different svn repository.
>>>> I will see if there is a way to somehow move the providers script
>>>> file into the gui repository, so that any changes made to the file
>>>> would be public.
>>>>
>>>>
>>> This still does not address the original issue.
>>> Also note that the URL should be HTTPS or use some other equivalent
>>> messure to protect from DNS spoofs and such.
>>>
>>>
>>>
>>
>>
>> _______________________________________________
>> --Bandwidth and Colocation Provided by http://www.api-digital.com--
>>
>> asterisk-gui mailing list
>> To UNSUBSCRIBE or update options visit:
>>    http://lists.digium.com/mailman/listinfo/asterisk-gui
>>
>>
>> _______________________________________________
>> --Bandwidth and Colocation Provided by http://www.api-digital.com--
>>
>> asterisk-gui mailing list
>> To UNSUBSCRIBE or update options visit:
>>    http://lists.digium.com/mailman/listinfo/asterisk-gui
>>
>
>
> _______________________________________________
> --Bandwidth and Colocation Provided by http://www.api-digital.com--
>
> asterisk-gui mailing list
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-gui
>



-- 
Andrew "lathama" Latham
Principal
TuxTone Inc.
http://TuxTone.com
Andrew.Latham at TuxTone.com

More information about the asterisk-gui mailing list