[asterisk-dev] AstriDevCon - PineMango

Johansson Olle E oej at edvina.net
Sat Oct 11 14:36:55 CDT 2008


11 okt 2008 kl. 21.29 skrev Tim Panton:

> In these cases they had to throw out most of the implementation of the
> core API
> when they added the security layer but the API itself remained and was
> extended.
>
> I'm assuming a definition of success you may not agree with ;-)

Nevertheless you found an example that proves that I'm wrong.
Regardless, I still think that abandoning an authorization model
is a Very Bad Idea (TM).

If we publish an API, someone will produce an application that seriously
breaks the core and hijacks channels left and right. It's better to do  
the
work first, than have to clean up the mess afterwards. We have a very
large installed base out there, and a responsibility not only to help  
them protect
their mission-critical PBX systems, but also integrate security as we  
move
forward, in order to enable them to use this functionality in their  
network
and on the Internet.

/O





More information about the asterisk-dev mailing list