General: Gateways usage security

Fold

Gateways usage security

ledda 1276695443|%e %b %Y, %H:%M %Z|agohover

While adding extension, in picklist you can choose "gateway dialout"

It configures extensions with the line like this:
<action application="bridge" data="sofia/gateway/myprovider.com/$1"/>

After that it's possible to edit this line and specify another gateway (e.g. gateway of another account)

Is there any control that every account can use only his own gateways and not gateways of other accounts?

Reply | Options

Unfold Gateways usage security by

ledda, 1276695443|%e %b %Y, %H:%M %Z|agohover

Fold

Re: Gateways usage security

stas_shtin 1276710948|%e %b %Y, %H:%M %Z|agohover

Just checking it would probably be easier than asking… Anyway, there is a security check that happens when freeswitch requests dialplan that looks for this particular issue. User shouldn't be able to use gateways belonging to others.

However, there must be other less obvious ways for malicious user to exploit freeswitch server as he has direct access to generated dialplan. We plan to have a WYSIWYG interface for editing dialplan extensions in the future that would let user to use only safe commands.

Reply | Options

Unfold Re: Gateways usage security by

stas_shtin, 1276710948|%e %b %Y, %H:%M %Z|agohover

Fold

Re: Gateways usage security

ledda 1276781243|%e %b %Y, %H:%M %Z|agohover

Thanks for pointing on this check. I've found it.

Reply | Options

Unfold Re: Gateways usage security by

ledda, 1276781243|%e %b %Y, %H:%M %Z|agohover

Other interesting sites

wikipbx

Page tags

Add a new page

Other interesting sites

वेद Veda

Nicks Math

Benitachell Bowls Club

NASHVILLE BEAT CO.