[asterisk-security] Pinemango -- Authorization API
Johansson Olle E
oej at edvina.net
Sat Oct 11 14:01:46 CDT 2008
I must say that I'm a bit shocked by the lack of interest on this
topic. I can agree that it may not be part of the
Pinemango project itself, but I would not accept Pinemango inclusion
without a proper API in the Asterisk core.
The fact that Russell, who's the current maintainer of Asterisk, votes
for taking authorization out of the
picture is very disappointing to me.
For a long time, we've discussed enhancing manager, agi and cli
confidentiality, authentication and
authorization. We've added TLS to the manager and http server as a
first step, and I've seen some
work on the CLI.
To build a new API that exposes even more than we do in the current
API, and removing
security mechanisms from the picture means that we make Asterisk less
secure than it is today.
That can't be the goal of the project .
"Asterisk 1.6.x - now with less security than any previous release.
More fun, more possibilities!"
Well, if that's the goal I'll be happy to rip out the broken TLS
implementation in chan_sip... ;-)
(couldn't resist that last part, my apologies)
/O
More information about the asterisk-security
mailing list