Security issues with DNs

[eferreyra]

Hi people, playing around with the Activex interface and .NET, i do a simple application for CallerID functions, in the ringing event registers the call and show the OtherDN of the eventInfo and also register if i respond to the incoming call or not so i can see missing calls.

For this i connect to T-Server and register "my" DN (not doing a logging) this is enough for receive those events, but as almost everybody of you guys must know, if i register a DN that is not my DN it also works and i receive events for the DN of the ... (owner, directors, managers, etc.) registering they calls...

So the question is, there is any way of prevent this ?

Thanks !!

Pachu

[René]

Hi Pachu,

Unfortunately this is default behaviour of TServer and I don't know reliable way how to restrict TServer allowing register on configured DNs only. I do remember that it was impossible to register non-CME DNs in some of previous TServer 7.x release but Genesys put that functionality back due customer's complaints...

You can try "to play" with TServer's option "check-tenant-profile" but it didn't worked as I expected last time I made some tests.

René

[S]

Did you try masking the events?
Did u try registering as a supervisor rather an advisor?

[victor]

Receiving events for DN that you are not authorized to connect to is a problem. One way I would suggest taking care of it would be to miodify your softphone so that it would check user login against CME and also check that user place, making sure that user cannot enter a DN other than the one he has been assigned to.

There is little sense in creating security against people who have access to ActiveX component and development environment...

Vic

[eferreyra]

Thanks all for your comments.

In some applications can be difficult restrict some things, for example in a caller id simple app, the DN must be a application parameter not hard coded, so same applicattion works for a number of DN, but there is no "secret or restricted" place to hide this parameter to other developers, so anybody o the developing team eventually can change his own "Caller Id" DN to a director or manager ones...