> > On 2010-06-03 10:52, Mossman, Paul (Paul) wrote: > > Hi all, > > > > XX-8496 [1] requests, for 4.2.1, the ability for an > administrator to configure whether or not each user has the > ability monitor the presence status of other users. > > > > I picture a new "Subscribe to presence" General Permission, > enabled by default. Users who do not have this permission > will have the Speed Dial "Subscribe to presence" settings > un-checked and greyed out (i.e. disabled, and read-only.) > The same net effect would need to be achieved if Group Speed > Dial settings are being used. > > > > No changes to the phone and resource-lists.xml > configuration file generation would be required. No > Operation-side changes would be required either. > > > If the resource list server isn't going to do the > enforcement, then the protection is more apparent than > real... not sure I'd go there...
Agreed. A non-authorized user could still snoop on others by susbcribing to a valid resource list. Given howe easy it is to guess a resource list name, that would be a simple way to get around the proposed permission scheme... _______________________________________________ sipx-dev mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-dev Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-dev sipXecs IP PBX -- http://www.sipfoundry.org/
