mattlandis Posted June 15, 2011 Report Share Posted June 15, 2011 it appears CSTA over tcp can access the pbx with no password/credentials. Is that correct? am i overlooking something? thanks Quote Link to comment Share on other sites More sharing options...
Vodia PBX Posted June 15, 2011 Report Share Posted June 15, 2011 This might be the case if you are coming from an IP address that is listed as "trustd IP address" (e.g. 127.0.0.1). But other than that, this should definitevely not possible! Quote Link to comment Share on other sites More sharing options...
mattlandis Posted June 15, 2011 Author Report Share Posted June 15, 2011 Which field is the gatekeeper for CSTA? SOAP trusted IP? Access Control list? SNMP? On a testing box it appears we can fire up a socket and throw CSTA XML at it and it processes it. ? Quote Link to comment Share on other sites More sharing options...
Vodia PBX Posted June 15, 2011 Report Share Posted June 15, 2011 We are looking into it... Quote Link to comment Share on other sites More sharing options...
mattlandis Posted June 15, 2011 Author Report Share Posted June 15, 2011 appreciated. take care, Quote Link to comment Share on other sites More sharing options...
pbx support Posted June 15, 2011 Report Share Posted June 15, 2011 Is it possible for you to PM your app to see if we can test it before we release any fix for this issue? Quote Link to comment Share on other sites More sharing options...
mattlandis Posted June 15, 2011 Author Report Share Posted June 15, 2011 ah, watch how you "fix" this. It is more of a conversation on how it should work in my mind. also this is not keeping our app from working. It is actually works peferctly fine. We have our client showing the dnd status of all other phones on the system--live. Petty cool. almost like Lync. ;-) it is more of a security issue. Quote Link to comment Share on other sites More sharing options...
pbx support Posted June 16, 2011 Report Share Posted June 16, 2011 I guess you mixed the 2 posts here. Anyways, in the next version the DND status will be available only if the permission is set(posted the reply on the other thread too). Regarding the password topic, the next version will respond to properly only if the start application session is successful. If it is not, you will receive invalid session response. Quote Link to comment Share on other sites More sharing options...
mattlandis Posted June 16, 2011 Author Report Share Posted June 16, 2011 Yes i did kind of mix the issues- #1-the start of this post is: should any person on the internet be able to set or get DND on snom ONE pbx. probably not and you'll fix it. thanks. #2-2nd issue i guess is even if user has a valid credentials should they be able to get / set everyone eleses DND. also probably not. and i guess None of these are keeping our super cool client ;-) from working...just security items snom should look at. http://windowspbx.blogspot.com/2011/06/snom-one-ip-phone-system-gets-windows.html Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.