[asterisk-users] Polycom XML Files / asterisk

Robert McNaught asteriskator at gmail.com
Fri May 16 15:08:28 CDT 2008


So for HTTP provisioning in a hosted environment, how would you make
it secure using Option 66 in a customer's router?

Would you have to pass a variable with a password in the Option 66 string?

e.g. http://http.provider.com?customer=999?password=password

and would the Polycoms automatically be able to upload log files etc.
using a method such as this?

Does anyone have any ideas on running this securely?

Robert

On Thu, May 15, 2008 at 5:13 PM, Mark Hamilton <mark.h at cage151.com> wrote:
> Since we're on the topic of phones, and TFTPing... if someone on this
> thread has some knowledge of putting configs on Cisco IP Phone 7960, can
> they please contact me off list?
>
> I've done the configs via tftp, etc but anything into the speaker/handset
> relating to voice doesn't work.
>
> -----Original Message-----
> From: asterisk-users-bounces at lists.digium.com
> [mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Robert
> McNaught
> Sent: May 15, 2008 6:41 PM
> To: Asterisk Users Mailing List - Non-Commercial Discussion
> Subject: Re: [asterisk-users] Polycom XML Files / asterisk
>
> Limiting to HTTP would be OK if every customer had a static IP - if
> you have small offices, then they may be on DSL without a static IP,
> which makes that difficult - you could of course force your users to
> have static IPs.
>
> Robert
>
> On Thu, May 15, 2008 at 1:45 PM, Atis Lezdins <atis at iq-labs.net> wrote:
>> On Thu, May 15, 2008 at 10:08 PM, Robert McNaught
>> <asteriskator at gmail.com> wrote:
>>> The way I understood it is that TFTP does not allow you to set a
>>> username and password in a URL
>>> like tftp://username:password@tftp.phonecompany.com is not possible
>>> when setting option 66
>>>
>>> Is it not possible to require a username and password with HTTP?  I
>>> assumed that you could just like if you were protecting the web root
>>> directory on a webserver to require authentication credentials,
>>> although have never tried this.
>>
>> You can always limit access to HTTP for a certain IP range. Isn't that
>> enough? Then add auth in your request string - for example:
>> http://provisioning.mysite.com/secure/234sdfsdf3247sd/ - unless you
>> enable directory listing, it should be at the same security level as http
>> with authentication or ftp (any of those can be sniffed)
>>
>> Another thing I like in HTTP - you can redirect config read to execute
>> any script, write simple PHP that will generate resulting config, with
>> lookup of correct extension by MAC. Much like DHCP.
>>
>> Regards,
>> Atis
>>
>>>
>>> Robert
>>>
>>>
>>>
>>> On Thu, May 15, 2008 at 10:43 AM, Anthony Francis <anthonyf at rockynet.com> wrote:
>>>> I am confused how TFTP is less secure than HTTP. TFTP does not allow any
>>>> browsing, ever. Neither technology will allow the device to
>>>> authenticate before downloading a configuration file, and both are
>>>> easily secured by only permitting connections from specific hosts.
>>>>
>>>> Robert McNaught wrote:
>>>>> Yes, perhaps a script would always be better than hand-touching these
>>>>> files, and getting an XML editor only really makes it easier on the
>>>>> eyes.
>>>>>
>>>>> On the same subject, I have noticed that Snom and Linksys phones do
>>>>> not support FTP provisioning - only TFTP and HTTP.  With TFTP being an
>>>>> insecure option for a hosted architecture, is everyone moving to
>>>>> provision Polycoms with HTTP, so that both can be auto-provisioned via
>>>>> Option 66?
>>>>>
>>>>> One thing I found is that, with option 66 in a LAN router, you cannot
>>>>> specify more than one protocol.
>>>>>
>>>>> Has anyone had any problems provisioning Polycoms with HTTP?
>>>>>
>>>>>
>>>>> On Thu, May 15, 2008 at 1:35 AM, Philipp Kempgen
>>>>> <philipp.kempgen at amooma.de> wrote:
>>>>>
>>>>>> Robert McNaught wrote:
>>>>>>
>>>>>>
>>>>>>> Does anyone know how to apply a style sheet to the polycom automatic
>>>>>>> provisioning XML files?
>>>>>>>
>>>>>> Why should applying a stylesheet be different than for any other
>>>>>> XML files?
>>>>>>
>>>>>>
>>>>>>> Even better, does anyone know of a web-based XML editor where you can
>>>>>>> just edit the files from a browser directly, i.e. entering in phone
>>>>>>> number, display name, proxy address etc.  From what I gather, most
>>>>>>> people are just using Notepad to change the files then upload them, or
>>>>>>> vi from the command line, which is fiddly and time-consuming.
>>>>>>>
>>>>>> Just use your preferred editor. Nobody forces Notepad or vi upon you.
>>>>>>
>>>>>> Even better: Generate the config files with Perl/PHP/<insert favorite
>>>>>> language>.
>>>>>>
>>>>>>
>>>>>> Regards,
>>>>>> Philipp Kempgen
>>>>>> --
>>>>>> Asterisk-Tag.org 2008, May 26-27   ->  http://www.asterisk-tag.org
>>>>>> amooma GmbH - Bachstr. 126 - 56566 Neuwied  ->  http://www.amooma.de
>>>>>> Managing Director: Stefan Wintermeyer, Commercial Register: Neuwied B14998
>>>>>>
>>>>>> _______________________________________________
>>>>>> -- Bandwidth and Colocation Provided by http://www.api-digital.com --
>>>>>>
>>>>>> asterisk-users mailing list
>>>>>> To UNSUBSCRIBE or update options visit:
>>>>>>   http://lists.digium.com/mailman/listinfo/asterisk-users
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>
>>>> --
>>>> Thank you and have any kind of day you want,
>>>>
>>>> Anthony Francis
>>>> Rockynet VOIP
>>>> (303) 444-7052 opt 2
>>>> voip at rockynet.com
>>>>
>>>>
>>>>
>>>
>>>
>>
>>
>>
>> --
>> Atis Lezdins,
>> VoIP Project Manager / Developer,
>> atis at iq-labs.net
>> Skype: atis.lezdins
>> Cell Phone: +371 28806004
>> Cell Phone: +1 800 7300689
>> Work phone: +1 800 7502835
>>
>>
>
>
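
Added example, not part of the original thread: a server-side check for the "secret in the Option 66 URL" idea discussed above, combined with the lookup of the extension by MAC. It assumes each customer's router hands out one base URL of the form /secure/<customer>/<token>/ and that the phone appends <mac>.cfg to it; the host name, secret, customer table and function names are hypothetical. As the quoted reply notes, the token is only as private as the transport that carries it.

```python
import hashlib
import hmac
import re

# Constructed sample data; a real server loads the secret from protected storage.
SERVER_SECRET = b"constructed-demo-secret"
CUSTOMERS = {  # customer id -> {phone MAC: extension}
    "999": {"0004f2aabbcc": "101", "0004f2aabbcd": "102"},
    "1000": {"0004f2ddeeff": "201"},
}

# Assumed layout: /secure/<customer>/<token>/<mac>.cfg, nothing else is served.
PATH_RE = re.compile(r"/secure/([0-9]{1,10})/([0-9a-f]{32})/([0-9a-f]{12})\.cfg")


def customer_token(customer_id: str) -> str:
    """Unguessable path component, derived so no per-customer secret is stored."""
    digest = hmac.new(SERVER_SECRET, customer_id.encode(), hashlib.sha256)
    return digest.hexdigest()[:32]  # 128 bits of the MAC output


def option66_url(customer_id: str, host: str = "provisioning.example.com") -> str:
    """The single string configured as Option 66 in that customer's router."""
    return f"http://{host}/secure/{customer_id}/{customer_token(customer_id)}/"


def authorize(path: str):
    """Return the device record for a valid request path, otherwise None."""
    m = PATH_RE.fullmatch(path.lower())
    if m is None:
        return None  # wrong shape: directory requests, traversal, other files
    customer_id, token, mac = m.groups()
    # Constant-time comparison so response timing does not leak token prefixes.
    if not hmac.compare_digest(token, customer_token(customer_id)):
        return None
    # A valid token only unlocks phones that belong to that customer.
    extension = CUSTOMERS.get(customer_id, {}).get(mac)
    if extension is None:
        return None
    return {"customer": customer_id, "mac": mac, "extension": extension}


if __name__ == "__main__":
    base = option66_url("999")
    print(base)
    print(authorize(base.split("provisioning.example.com")[1] + "0004f2aabbcc.cfg"))
```
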


