[asterisk-users] Polycom XML Files / asterisk

Robert McNaught asteriskator at gmail.com
Thu May 15 17:41:02 CDT 2008


Limiting to HTTP would be OK if every customer had a static IP - if
you have small offices, then they maybe on DSL without static IP,
which makes that difficult - you could of course force your users to
have static IPs.

Robert

On Thu, May 15, 2008 at 1:45 PM, Atis Lezdins <atis at iq-labs.net> wrote:
> On Thu, May 15, 2008 at 10:08 PM, Robert McNaught
> <asteriskator at gmail.com> wrote:
>> The way I understood it is that TFTP does not allow you to set a
>> username and password in a URL
>> like tftp://username:password@tftp.phonecompany.com is not possible
>> when setting option 66
>>
>> Is it not possible to require a username and password with HTTP?  I
>> assumed that you could just like if you were protecting the web root
>> directory on a webserver to require authentication credentials,
>> although have never tried this.
>
> You can always limit access to HTTP for certain IP range. Isn't that
> enough? Then add auth in your request string - for example:
> http://provisioning.mysite.com/secure/234sdfsdf3247sd/- unless you
> enable directory listing, it should be at same security level as http
> with authentication or ftp (any of those can be sniffed)
>
> Another thing I like in HTTP - you can redirect config read to execute
> any script, write simple PHP that will generate resulting config, with
> lookup of correct extension by MAC. Much like DHCP.
>
> Regards,
> Atis
>
>>
>> Robert
>>
>>
>>
>> On Thu, May 15, 2008 at 10:43 AM, Anthony Francis <anthonyf at rockynet.com> wrote:
>>> I am confused how TFTP is less secure than HTTP. TFTP does not allow any
>>> browsing, ever. Neither technologies will allow the device to
>>> authenticate before downloading a configuration file, and both are
>>> easily secured by only permitting connections from specific hosts.
>>>
>>> Robert McNaught wrote:
>>>> Yes, perhaps a script would always be better than hand-touching these
>>>> files, and getting an XML editor only really makes it easier on the
>>>> eyes.
>>>>
>>>> On the same subject, I have noticed that Snom and Linksys phones do
>>>> not support FTP provisioning - only TFTP and HTTP.  With TFTP being an
>>>> insecure option for a hosted architecture, is everyone moving to
>>>> provision Polycoms with HTTP, so that both can be auto-provisioned via
>>>> Option 66.
>>>>
>>>> One thing I found is that, with option 66 in a LAN router, you cannot
>>>> specify more than one protocol.
>>>>
>>>> Has anyone had any problems provisioning Polycoms with HTTP?
>>>>
>>>>
>>>> On Thu, May 15, 2008 at 1:35 AM, Philipp Kempgen
>>>> <philipp.kempgen at amooma.de> wrote:
>>>>
>>>>> Robert McNaught schrieb:
>>>>>
>>>>>
>>>>>> Does anyone know how to apply a style sheet to the polycom automatic
>>>>>> provisioning XML files?
>>>>>>
>>>>> Why should applying a stylesheet be different than for any other
>>>>> XML files?
>>>>>
>>>>>
>>>>>> Even better, does anyone know of a web-based XML editor where you can
>>>>>> just edit the files from a browser directly ie entering in phone
>>>>>> number, display name, proxy address etc.  From what I gather, most
>>>>>> people are just using Notepad to change the files then upload them, or
>>>>>> vi from the command line, which is fiddly and time-consuming.
>>>>>>
>>>>> Just use your preferred editor. Nobody forces Notepad or vi upon you.
>>>>>
>>>>> Even better: Generate the config files with Perl/PHP/<insert favorite
>>>>> language>.
>>>>>
>>>>>
>>>>> Grüße,
>>>>> Philipp Kempgen
>>>>> --
>>>>> Asterisk-Tag.org 2008, 26.-27. Mai   ->  http://www.asterisk-tag.org
>>>>> amooma GmbH - Bachstr. 126 - 56566 Neuwied  ->  http://www.amooma.de
>>>>> Geschäftsführer: Stefan Wintermeyer, Handelsregister: Neuwied B14998
>>>>>
>>>>> _______________________________________________
>>>>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>>>>>
>>>>> asterisk-users mailing list
>>>>> To UNSUBSCRIBE or update options visit:
>>>>>   http://lists.digium.com/mailman/listinfo/asterisk-users
>>>>>
>>>>>
>>>>
>>>> _______________________________________________
>>>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>>>>
>>>> asterisk-users mailing list
>>>> To UNSUBSCRIBE or update options visit:
>>>>    http://lists.digium.com/mailman/listinfo/asterisk-users
>>>>
>>>
>>> --
>>> Thank you and have any kind of day you want,
>>>
>>> Anthony Francis
>>> Rockynet VOIP
>>> (303) 444-7052 opt 2
>>> voip at rockynet.com
>>>
>>>
>>> _______________________________________________
>>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>>>
>>> asterisk-users mailing list
>>> To UNSUBSCRIBE or update options visit:
>>>   http://lists.digium.com/mailman/listinfo/asterisk-users
>>>
>>
>> _______________________________________________
>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>>
>> asterisk-users mailing list
>> To UNSUBSCRIBE or update options visit:
>>   http://lists.digium.com/mailman/listinfo/asterisk-users
>>
>
>
>
> --
> Atis Lezdins,
> VoIP Project Manager / Developer,
> atis at iq-labs.net
> Skype: atis.lezdins
> Cell Phone: +371 28806004
> Cell Phone: +1 800 7300689
> Work phone: +1 800 7502835
>
> _______________________________________________
> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>
> asterisk-users mailing list
> To UNSUBSCRIBE or update options visit:
>   http://lists.digium.com/mailman/listinfo/asterisk-users
>



More information about the asterisk-users mailing list