[cisco-voip] the "cucm-uds" http directory

Stephen Welsh stephen.welsh at unifiedfx.com
Fri Feb 21 15:41:13 EST 2014 

LOL ;)

Your guess is right, more and more will be added to this API over time, however it does follow proper authentication rules, so a end user credentials are used to authenticate to the API and they only get access to their settings/devices.

Are you worried some of your students will find out how to “abuse” this interface?

Stephen

On 21 Feb 2014, at 20:31, Lelio Fulgenzi <lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>> wrote:


ok, it looks like there are some pretty simple calls that can be made according to:

https://developer.cisco.com/site/collaboration/management/user-data-services/learn/how-to/uds-hello-world/

i'm now officially worried.

is there a data dictionary available for this stuff? i suspect it's only going to get bigger.

i'm wondering if we can turn it off without too much impact.

---
Lelio Fulgenzi, B.A.
Senior Analyst, Network Infrastructure
Computing and Communications Services (CCS)
University of Guelph

519‐824‐4120 Ext 56354
lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>
www.uoguelph.ca/ccs<http://www.uoguelph.ca/ccs>
Room 037, Animal Science and Nutrition Building
Guelph, Ontario, N1G 2W1

________________________________
From: "Lelio Fulgenzi" <lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>>
To: "Stephen Welsh" <stephen.welsh at unifiedfx.com<mailto:stephen.welsh at unifiedfx.com>>
Cc: "cisco-voip (cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>)" <cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>>
Sent: Friday, February 21, 2014 3:25:33 PM
Subject: Re: [cisco-voip] the "cucm-uds" http directory

Thanks Stephen. This helps. I did some searching and came up with little with respect to what's actually it might be used for now. My concern is that the old "corporate" directory has somehow been moved/replicated to calls in this directory. However, I can't find any reference to new URLs, etc.

I'm guessing that with little effort, someone can write an tool to search the corporate directory through our reverse proxy and gain access to telephone directory information that we need to keep private.

Can you share any more information? In particular, are there only APIs available in this directory, or are there even more user friendly pages that can be served up?

Lelio



---
Lelio Fulgenzi, B.A.
Senior Analyst, Network Infrastructure
Computing and Communications Services (CCS)
University of Guelph

519‐824‐4120 Ext 56354
lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>
www.uoguelph.ca/ccs
Room 037, Animal Science and Nutrition Building
Guelph, Ontario, N1G 2W1

________________________________
From: "Stephen Welsh" <stephen.welsh at unifiedfx.com<mailto:stephen.welsh at unifiedfx.com>>
To: "Lelio Fulgenzi" <lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>>
Cc: "cisco-voip (cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>)" <cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>>
Sent: Friday, February 21, 2014 3:09:09 PM
Subject: Re: [cisco-voip] the "cucm-uds" http directory

Hi Lelio,

This is a REST based API that is used for all user related information (and more in the future).

It’s officially release with CUCM 10, however it was technically added back in 8.6 and used by a few Cisco applications.

It should help to provide better isolation between end user and admin level access.

You can find more info here:

https://developer.cisco.com/site/collaboration/management/user-data-services/uds/what-is-uds/

Thanks

Stephen

On 21 Feb 2014, at 19:56, Lelio Fulgenzi <lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>> wrote:


We're going through the process of testing our reverse proxy setup to allow users to access the "ucmuser" pages. There has been a marked improvement in so much as it seems there are no files from the "ccmadmin" directory being served out for ucmuser activities.

However, we have noticed files being served from the "cucm-uds" directory.

Can anyone comment on what contents this directory holds and whether or not there are admin related pages here?

Thanks, Lelio


---
Lelio Fulgenzi, B.A.
Senior Analyst, Network Infrastructure
Computing and Communications Services (CCS)
University of Guelph

519‐824‐4120 Ext 56354
lelio at uoguelph.ca<mailto:lelio at uoguelph.ca>
www.uoguelph.ca/ccs<http://www.uoguelph.ca/ccs>
Room 037, Animal Science and Nutrition Building
Guelph, Ontario, N1G 2W1

_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
https://puck.nether.net/mailman/listinfo/cisco-voip



_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
https://puck.nether.net/mailman/listinfo/cisco-voip

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20140221/e8ecb388/attachment.html>

More information about the cisco-voip mailing list