asteriskator at gmail.com
Guest
|
 Posted: Fri May 16, 2008 3:08 pm Post subject: [asterisk-users] Polycom XML Files / asterisk |
 |
|
So for HTTP provisioning in a hosted environment, how would you make
it secure using Option 66 in a customers router.
Would you have to pass a variable with a password in the Option 66 string?
eg http://http.provider.com?customer=999?password=password
and would the polycoms automatically be able to upload log files etc
using a method such as this?
Does anyone have any ideas on running this securely?
Robert
On Thu, May 15, 2008 at 5:13 PM, Mark Hamilton <mark.h at cage151.com> wrote:
| Quote: | Since, we're on the the topic of phones, and TFTPing.. if someone on this
thread has some knowledge of putting configs on Cisco IP Phone 7960, can
they please contact me off list?
I've done the configs via tftp, etc but anything into the speaker/handset
relating to voice doesn't work.
-----Original Message-----
From: asterisk-users-bounces at lists.digium.com
[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Robert
McNaught
Sent: May 15, 2008 6:41 PM
To: Asterisk Users Mailing List - Non-Commercial Discussion
Subject: Re: [asterisk-users] Polycom XML Files / asterisk
Limiting to HTTP would be OK if every customer had a static IP - if
you have small offices, then they maybe on DSL without static IP,
which makes that difficult - you could of course force your users to
have static IPs.
Robert
On Thu, May 15, 2008 at 1:45 PM, Atis Lezdins <atis at iq-labs.net> wrote:
| Quote: | On Thu, May 15, 2008 at 10:08 PM, Robert McNaught
<asteriskator at gmail.com> wrote:
| Quote: | The way I understood it is that TFTP does not allow you to set a
username and password in a URL
like tftp://username:password at tftp.phonecompany.com is not possible
when setting option 66
Is it not possible to require a username and password with HTTP? I
assumed that you could just like if you were protecting the web root
directory on a webserver to require authentication credentials,
although have never tried this.
|
You can always limit access to HTTP for certain IP range. Isn't that
enough? Then add auth in your request string - for example:
http://provisioning.mysite.com/secure/234sdfsdf3247sd/- unless you
enable directory listing, it should be at same security level as http
with authentication or ftp (any of those can be sniffed)
Another thing I like in HTTP - you can redirect config read to execute
any script, write simple PHP that will generate resulting config, with
lookup of correct extension by MAC. Much like DHCP.
Regards,
Atis
| Quote: |
Robert
On Thu, May 15, 2008 at 10:43 AM, Anthony Francis <anthonyf at rockynet.com>
|
|
wrote:
| Quote: | | Quote: | | Quote: | I am confused how TFTP is less secure than HTTP. TFTP does not allow any
browsing, ever. Neither technologies will allow the device to
authenticate before downloading a configuration file, and both are
easily secured by only permitting connections from specific hosts.
Robert McNaught wrote:
| Quote: | Yes, perhaps a script would always be better than hand-touching these
files, and getting an XML editor only really makes it easier on the
eyes.
On the same subject, I have noticed that Snom and Linksys phones do
not support FTP provisioning - only TFTP and HTTP. With TFTP being an
insecure option for a hosted architecture, is everyone moving to
provision Polycoms with HTTP, so that both can be auto-provisioned via
Option 66.
One thing I found is that, with option 66 in a LAN router, you cannot
specify more than one protocol.
Has anyone had any problems provisioning Polycoms with HTTP?
On Thu, May 15, 2008 at 1:35 AM, Philipp Kempgen
<philipp.kempgen at amooma.de> wrote:
| Quote: | Robert McNaught schrieb:
| Quote: | Does anyone know how to apply a style sheet to the polycom automatic
provisioning XML files?
|
Why should applying a stylesheet be different than for any other
XML files?
| Quote: | Even better, does anyone know of a web-based XML editor where you can
just edit the files from a browser directly ie entering in phone
number, display name, proxy address etc. From what I gather, most
people are just using Notepad to change the files then upload them,
|
|
|
|
|
|
or
| Quote: |
--
Atis Lezdins,
VoIP Project Manager / Developer,
atis at iq-labs.net
Skype: atis.lezdins
Cell Phone: +371 28806004
Cell Phone: +1 800 7300689
Work phone: +1 800 7502835
_______________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
|
_______________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
_______________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
|
|
|
Search
