[sr-dev] DMQ security
Alex Hermann
alex at speakup.nl
Thu Oct 31 12:20:30 CET 2013
On Thursday 31 October 2013, Charles Chance wrote:
> On 31 Oct 2013 08:53, "Alex Hermann" <alex at speakup.nl> wrote:
> > If not, then, imho, the admin already has plenty of possibilities
>
> (IP-based,
>
> > digest, TLS cert) to do authentication before calling that function.
> > Why force one method if we can just leave it up to the admin to choose
> > whatever fits best in his situation.
>
> But aren't we allowing the admin to potentially shoot themselves in the
> foot, as Olle puts it?
Of course, but there are plenty ways to shoot oneself. Kamailio is not an end-
user application. I see it more like a compiler than a word-processor. Certain
capabilities are required to make an application with it.
I prefer the freedom to choose whatever method fits best in my
situation/application. I like the current way in which the admin decides how
INVITE, PUBLISH, XMLRPC, DMQ, etc are authenticated and/or authorized. None of
the (C-)code handling those methods need special authentication routines
implemented, it can all be done from within the script.
Implementing additional authorization methods inside DMQ will limit choice and
create a higher burden on maintenance of the module.
There are already to much functions in Kamailio which had only 1 specific use
case in mind, where everyone needing a little bit different behavior
implemented it separately. Look for example at the many ways to get and/or
format date-time values. Let's not add even more.
--
Greetings,
Alex Hermann
More information about the sr-dev
mailing list