> -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of > Krzeminski, Damian (BL60:9D30) > Sent: Tuesday, September 22, 2009 12:44 PM > To: [email protected] > Subject: Re: [sipX-dev] [SFtrack] Resolved: (XX-6606) > phonebook search REST api requires plain text password > > I marked this as Resolved:No Change in JIRA. I do realize > there is still might be a problem here: in the interest of > better communication I am responding to the list. > > Fowler, Peter (CAR:9D10) wrote: > > Ok. Does this mean that instead of passing 200:1234 just > prior to the > > domain name in the URL I would Somehow pass the digest of > 1234 (which > > I can get from validusers.xml)? > > > > The way how DIGEST authentication is handled depends on the > library you are using to send HTTP requests. You'd need to > use the HTTP client that allows for intercepting the HA1 > calculation when it constructs the authorization header. > What are you using as your REST client? Did you try it with > DIGEST authentication yet? > > If using HA1 digest is not possible sipXconfig could > implement authentication with SHARED_SECRET (from > domain_config) as a password used for DIGEST authentication. > Would that help? > Anybody has an alternative proposal for authenticating > sipXecs services? > > > > I was thinking the rest container plugin for this REST API would > > include code to query the Phonebook db (via hibernate?). > > > > In addition to all the problems that were discussed here it's > just not that simple. Reading DB, while not trivial, is not > where the difficulty is. User phonebooks are constructed from > several sources of data: including system users data, admin > uploaded external data and in near future - end user personal > phonebook modifications. Reconstructing this would require > duplicating a chunk of sipXconfig code. It would also require > dealing with any future DB schema changes. > D. > > _______________________________________________ > sipx-dev mailing list [email protected] List > Archive: http://list.sipfoundry.org/archive/sipx-dev > Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-dev > sipXecs IP PBX -- http://www.sipfoundry.org/ >
I am using the java class HttpURLConnection. It allows me to set the "Authorization" request property and currently I can set it to "Basic" followed by the base64 encoding of the userid and plain text Password. Will investigate if I can use this class to pass the digest of the password That I can get from validusers.xml. _______________________________________________ sipx-dev mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-dev Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-dev sipXecs IP PBX -- http://www.sipfoundry.org/
