On Sun, Oct 22, 2006 at 05:35:58PM +0100, Tim Panton wrote:
>
> On 22 Oct 2006, at 17:02, Luigi Rizzo wrote:
...
> >> I'd like to hear a discussion of where the 'http/manager' facilities
> >> are going.
> >> At the moment they are in a limbo that makes them very tempting to
> >> use, but almost impossible to use securely (unless I've missed
> >> something).
> >
> > sorry but what do you mean by "securely" ?
>
> Ah, lots of things :-)
>
> Leaving aside the SSL issue. I was really thinking about request
> filtering.

... (description below)

it seems to me that you really want to enter into the semantics of each
request that can be issued, and that seems quite tricky to address
in a generic way.

One approach that comes to mind is to implement rewrite rules in http.c
(or manager.c - anyways, the rules go in one of the two .conf files)
and add a capability that lets you only issue commands that are in
the 'rewrite' list (hoping it is not too long... and hoping the
rewrite language is not too complex to implement).

anyways, good suggestion.

cheers
luigi

> Here is a concrete example:
> Callback - Say you want to add a button to a website that initiates a call
> and you would like the user to be able to specify one end of the call
> (typically their own landline).
> In 1.2 it is clear cut. You have to add the functionality to a
> separate web-server by adding some code (php for example) to a cgi
> program and doing the sanity checking there. The cgi program then
> invokes the manager API or adds a call file.
> In 1.4 it is _very_ tempting (especially on a resource light
> platform) to try and do it via the Http manager interface and
> asterisk's static http (+javascript)
> The problem with this is that there is now nowhere to sanity check
> the request, or to limit where the calls can be made. The available
> security (a given manager user can either originate or not) is not
> fine grained enough.
> Of course you can put the http manager behind apache and impose
> your filtering in mod-rewrite, but that isn't any better than just
> using current 1.2 method, arguably it is less clear.
> I really want some concept of an unprivileged user (cf guest in
> iax.conf) which gets some configurable defaults that they can't
> override - in the above case you'd fix the context and technology
> for the originate command.
> I have not really thought through how to make a nice generic
> interface to this.
>
> Tim Panton
>
> www.mexuar.com
>
> _______________________________________________
> --Bandwidth and Colocation provided by Easynews.com --
>
> asterisk-dev mailing list
> To UNSUBSCRIBE or update options visit:
> http://lists.digium.com/mailman/listinfo/asterisk-dev
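
Added example, not part of the original thread and not Asterisk code: a sketch of the "guest with defaults they can't override" filter discussed above, applied to the query string of an HTTP manager request before it is passed on. The policy layout, the `callback-guest` context, the `Zap/g1/` prefix and the number format are all assumptions made up for illustration.

```python
import re
from urllib.parse import parse_qsl


class Rejected(Exception):
    """The request falls outside what the guest policy allows."""


# Hypothetical guest policy; every name and value here is constructed.
POLICY = {
    "actions": {"originate"},                       # only action a guest may issue
    "fixed": {"context": "callback-guest",          # defaults the client cannot override
              "exten": "s", "priority": "1"},
    "channel_prefix": "Zap/g1/",                    # fixed technology and trunk group
    "number": re.compile(r"0[1-9][0-9]{8,9}"),      # assumed national landline format
}


def filter_query(query, policy=POLICY):
    """Return the manager headers to forward, or raise Rejected."""
    seen = {}
    for key, value in parse_qsl(query, keep_blank_values=True):
        key = key.lower()                           # manager header names are case-insensitive
        if key in seen:
            raise Rejected("duplicate field: " + key)
        seen[key] = value

    action = seen.get("action", "").lower()
    if action not in policy["actions"]:
        raise Rejected("action not permitted")

    # Anything that is neither user-settable nor a fixed default is refused outright.
    extra = set(seen) - {"action", "channel"} - set(policy["fixed"])
    if extra:
        raise Rejected("field not permitted: " + ", ".join(sorted(extra)))

    # The one end of the call the user may choose: a number on the fixed technology.
    channel = seen.get("channel", "")
    prefix = policy["channel_prefix"]
    if not channel.startswith(prefix):
        raise Rejected("channel technology not permitted")
    if not policy["number"].fullmatch(channel[len(prefix):]):
        raise Rejected("number not permitted")

    out = {"action": action, "channel": channel}
    out.update(policy["fixed"])                     # client-sent values for these are discarded
    return out
```

The same checks could sit in the separate CGI program of the 1.2 approach or behind a per-user rule list in the manager configuration; the point is that the fixed fields come from the policy, never from the request.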
