On Thursday 31 October 2013, Charles Chance wrote:
On 31 Oct 2013 08:53, "Alex Hermann" alex@speakup.nl wrote:
If not, then, imho, the admin already has plenty of possibilities
(IP-based,
digest, TLS cert) to do authentication before calling that function. Why force one method if we can just leave it up to the admin to choose whatever fits best in his situation.
But aren't we allowing the admin to potentially shoot themselves in the foot, as Olle puts it?
Of course, but there are plenty ways to shoot oneself. Kamailio is not an end- user application. I see it more like a compiler than a word-processor. Certain capabilities are required to make an application with it.
I prefer the freedom to choose whatever method fits best in my situation/application. I like the current way in which the admin decides how INVITE, PUBLISH, XMLRPC, DMQ, etc are authenticated and/or authorized. None of the (C-)code handling those methods need special authentication routines implemented, it can all be done from within the script.
Implementing additional authorization methods inside DMQ will limit choice and create a higher burden on maintenance of the module.
There are already to much functions in Kamailio which had only 1 specific use case in mind, where everyone needing a little bit different behavior implemented it separately. Look for example at the many ways to get and/or format date-time values. Let's not add even more.