|
Home > Archive > Voice over IP Cisco > October 2007 > Access restrictions AXL/SOAP CCM4.2
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Access restrictions AXL/SOAP CCM4.2
|
|
| Dietmar 2007-10-09, 7:12 pm |
| Hi all,
while playing a little with the AXL/SOAP interface of CCM 4.2, I realized that
every authenticated user is able to read and modify (!) ALL settings, even
these of phones/lines that are not assigned to that user.
I would have expected that a user can only modify his own settings with the
AXL/SOAP interface. Hopefully, this is true and someone has an idea what is
wrong with my CCM settings ;-). Any hints?
Thanks,
Dietmar
| |
| Charles Ragan, Jr. 2007-10-10, 1:12 am |
| Nope - it's true. With 4.2 and later you can restrict using MLA.
With previous versions of CM, we chose to restrict what ip address space could access the soap/axl interface within IIS.
Charles
Dietmar <db7td@gmx.de> wrote:
Hi all,
while playing a little with the AXL/SOAP interface of CCM 4.2, I realized that
every authenticated user is able to read and modify (!) ALL settings, even
these of phones/lines that are not assigned to that user.
I would have expected that a user can only modify his own settings with the
AXL/SOAP interface. Hopefully, this is true and someone has an idea what is
wrong with my CCM settings ;-). Any hints?
Thanks,
Dietmar
________________________________________
_______
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
Charles Ragan Jr., Technology Consultant
Principal Consultant - CCIE #1764
Cell Phone - 336-442-4361
http://www.geocities.com/ciscojock2002/
| |
| Dietmar 2007-10-10, 7:11 pm |
| Solution:
This is a known bug (CSCsc59620) that has been fixed in 4.2(1). Setting the
system parameter "Enable AXL Access Levels" to TRUE denies unauthorized
access to AXL. The default is, for whatever reason, FALSE!
Dietmar
On Wednesday 10 October 2007 03:22:13 Charles Ragan, Jr. wrote:
> Nope - it's true. With 4.2 and later you can restrict using MLA.
>
> With previous versions of CM, we chose to restrict what ip address space
> could access the soap/axl interface within IIS.
>
> Charles
>
> Dietmar <db7td@gmx.de> wrote:
> Hi all,
>
> while playing a little with the AXL/SOAP interface of CCM 4.2, I realized
> that every authenticated user is able to read and modify (!) ALL settings,
> even these of phones/lines that are not assigned to that user.
>
> I would have expected that a user can only modify his own settings with the
> AXL/SOAP interface. Hopefully, this is true and someone has an idea what is
> wrong with my CCM settings ;-). Any hints?
>
>
> Thanks,
> Dietmar
> ________________________________________
_______
> cisco-voip mailing list
> cisco-voip@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
>
>
> Charles Ragan Jr., Technology Consultant
> Principal Consultant - CCIE #1764
> Cell Phone - 336-442-4361
> http://www.geocities.com/ciscojock2002/
| |
| Charles Ragan, Jr. 2007-10-10, 7:11 pm |
| True - but you'll still need to integrate to MLA for your 'allowed' users of soap/axl.....
Charles
Dietmar <db7td@gmx.de> wrote:
Solution:
This is a known bug (CSCsc59620) that has been fixed in 4.2(1). Setting the
system parameter "Enable AXL Access Levels" to TRUE denies unauthorized
access to AXL. The default is, for whatever reason, FALSE!
Dietmar
On Wednesday 10 October 2007 03:22:13 Charles Ragan, Jr. wrote:
> Nope - it's true. With 4.2 and later you can restrict using MLA.
>
> With previous versions of CM, we chose to restrict what ip address space
> could access the soap/axl interface within IIS.
>
> Charles
>
> Dietmar wrote:
> Hi all,
>
> while playing a little with the AXL/SOAP interface of CCM 4.2, I realized
> that every authenticated user is able to read and modify (!) ALL settings,
> even these of phones/lines that are not assigned to that user.
>
> I would have expected that a user can only modify his own settings with the
> AXL/SOAP interface. Hopefully, this is true and someone has an idea what is
> wrong with my CCM settings ;-). Any hints?
>
>
> Thanks,
> Dietmar
> ________________________________________
_______
> cisco-voip mailing list
> cisco-voip@puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
>
>
> Charles Ragan Jr., Technology Consultant
> Principal Consultant - CCIE #1764
> Cell Phone - 336-442-4361
> http://www.geocities.com/ciscojock2002/
________________________________________
_______
cisco-voip mailing list
cisco-voip@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-voip
Charles Ragan Jr., Technology Consultant
Principal Consultant - CCIE #1764
Cell Phone - 336-442-4361
http://www.geocities.com/ciscojock2002/
|
|
|
|
|