Hi everyone,
I got comments from a couple of people saying that the way GUI
executes system scripts is going to be a security concern.
The AsteriskGUI automatically adds the following context if it's not found in
extensions.conf
[asterisk_guitools]
exten = executecommand,1,System(${command})
exten = executecommand,n,Hangup()
and the GUI executes commands/scripts on the local machine by sending a GET
command like
action = originate &
channel = Local/[EMAIL PROTECTED] &
Variable = "command=sh whatever.sh" & ....
So, I am thinking of - adding this context on login into the GUI
and removing it onLogout. This is definitely not the solution for the actual
problem, but it will prevent the security problems once the system is
configured.
are there any other ways to improve/replace this in the GUI ?
-Pari
_______________________________________________
--Bandwidth and Colocation provided by Easynews.com --
asterisk-gui mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-gui
