Hi
I have noticed that when querying the RESTful /my/pagedphonebook or
/my/phonebook service that both seem to return the IM password of other
users on the system.
E.g. when logged on to my test system with a username of 093019076 I got the
following XML for 093019077 (a different user) for the /my/phonebook query:
<entry>
<number>093019077</number>
<contact-information>
<homeAddress/>
<officeAddress>
<street>167 Victoria Street West</street>
<city>Auckland</city>
<country>New Zealand</country>
<state>Auckland</state>
<zip>1001</zip>
</officeAddress>
<branchAddress>
<street>167 Victoria Street West</street>
<city>Auckland</city>
<country>New Zealand</country>
<state>Auckland</state>
<zip>1001</zip>
</branchAddress>
<imId>093019077</imId>
<imPassword>xxxxxxxx</imPassword>
<avatar>https://secure.gravatar.com/avatar</avatar>
</contact-information>
</entry>
I assume this is not supposed to be the intended operation?
Regards
Justin
_______________________________________________
sipx-dev mailing list
[email protected]
List Archive: http://list.sipfoundry.org/archive/sipx-dev/
