On Thu, Mar 10, 2011 at 1:57 PM, Michael Scheidell < [email protected]> wrote:
> On 3/9/11 5:48 PM, Mircea Carasel wrote: > > This web server is not secured in any way, and basically anyone can write a > SOAP client and get ongoing calls: > http://wiki.sipfoundry.org/display/sipXecs/Configuration+SOAP+API > > I was thinking and wondering if this is a security issue; I know that for > instance sipXconfig SOAP services are secured > > I need to ask, and be clear on the question. > > are you saying that ADDING REST is a security issue? > A REST service would do exactly the same thing as the existing SOAP service does > or are you saying that NOW anyone can write a SOAP client since sipx does > not authenticate? > No, I wasn't talking about sipx authentication or about public authenticated SOAP/REST services It is about a port that is opened on a secondary where sipXproxy may run and available to master host only and not public. Through this port sipXconfig accesses a SOAP service for getting ongoing calls Hope this is clear now, Mircea > > > ------------------------------ > > This email has been scanned and certified safe by SpammerTrap®. > For Information please see http://www.secnap.com/products/spammertrap/ > ------------------------------ > >
_______________________________________________ sipx-dev mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-dev/
