[cisco-voip] the "cucm-uds" http directory

Lelio Fulgenzi lelio at uoguelph.ca
Mon Feb 24 20:16:22 EST 2014


That's great! Thanks!

Sent from my iPhone

On 2014-02-24, at 6:45 PM, "Brian Meade (brmeade)" <brmeade at cisco.com> wrote:

> Lelio,
>  
> I found this document that provides some info on what requires authentication and what does not:
> https://developer.cisco.com/media/cisco-user-data-serviccs-usd-dev-guide/index.html?getting_started.html
>  
> Just click on the “Authentication” section.
>  
> Thanks,
> Brian Meade
>  
> From: cisco-voip [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Lelio Fulgenzi
> Sent: Friday, February 21, 2014 3:52 PM
> To: Stephen Welsh
> Cc: cisco-voip (cisco-voip at puck.nether.net)
> Subject: Re: [cisco-voip] the "cucm-uds" http directory
>  
> 
> I'm guessing most stuff does require authentication, but I've already found a few things that require no authentication whatsoever.
> 
> Without directing my worries to a particular demographic, my main concern is we have open, unauthenticated network ports on campus that anyone can use. And with some unencrypted wireless still going on, it won't take much for someone to grab credentials to use.
> 
> My stance has always been, userID/password shouldn't be the only protection.
> 
> I'm hoping my reverse proxy admin can capture the bulk of the files/directories under cucm-uds that he needs to make the ucmuser pages work.
> 
> *sigh*
> 
> ---
> Lelio Fulgenzi, B.A.
> Senior Analyst, Network Infrastructure
> Computing and Communications Services (CCS)
> University of Guelph
> 
> 519‐824‐4120 Ext 56354
> lelio at uoguelph.ca
> www.uoguelph.ca/ccs
> Room 037, Animal Science and Nutrition Building
> Guelph, Ontario, N1G 2W1
>  
> From: "Stephen Welsh" <stephen.welsh at unifiedfx.com>
> To: "Lelio Fulgenzi" <lelio at uoguelph.ca>
> Cc: "cisco-voip (cisco-voip at puck.nether.net)" <cisco-voip at puck.nether.net>
> Sent: Friday, February 21, 2014 3:41:13 PM
> Subject: Re: [cisco-voip] the "cucm-uds" http directory
> 
> LOL ;)
>  
> Your guess is right, more and more will be added to this API over time, however it does follow proper authentication rules, so end user credentials are used to authenticate to the API and they only get access to their settings/devices.
>  
> Are you worried some of your students will find out how to “abuse” this interface?
>  
> Stephen
>  
> On 21 Feb 2014, at 20:31, Lelio Fulgenzi <lelio at uoguelph.ca> wrote:
>  
> 
> ok, it looks like there are some pretty simple calls that can be made according to:
> 
> https://developer.cisco.com/site/collaboration/management/user-data-services/learn/how-to/uds-hello-world/
> 
> i'm now officially worried.
> 
> is there a data dictionary available for this stuff? i suspect it's only going to get bigger. 
> 
> i'm wondering if we can turn it off without too much impact.
> 
>  
> From: "Lelio Fulgenzi" <lelio at uoguelph.ca>
> To: "Stephen Welsh" <stephen.welsh at unifiedfx.com>
> Cc: "cisco-voip (cisco-voip at puck.nether.net)" <cisco-voip at puck.nether.net>
> Sent: Friday, February 21, 2014 3:25:33 PM
> Subject: Re: [cisco-voip] the "cucm-uds" http directory
> 
> Thanks Stephen. This helps. I did some searching and came up with little with respect to what it might actually be used for now. My concern is that the old "corporate" directory has somehow been moved/replicated to calls in this directory. However, I can't find any reference to new URLs, etc.
> 
> I'm guessing that with little effort, someone can write a tool to search the corporate directory through our reverse proxy and gain access to telephone directory information that we need to keep private.
> 
> Can you share any more information? In particular, are there only APIs available in this directory, or are there even more user friendly pages that can be served up?
> 
> Lelio
> 
> 
> 
>  
> From: "Stephen Welsh" <stephen.welsh at unifiedfx.com>
> To: "Lelio Fulgenzi" <lelio at uoguelph.ca>
> Cc: "cisco-voip (cisco-voip at puck.nether.net)" <cisco-voip at puck.nether.net>
> Sent: Friday, February 21, 2014 3:09:09 PM
> Subject: Re: [cisco-voip] the "cucm-uds" http directory
> 
> Hi Lelio,
>  
> This is a REST based API that is used for all user related information (and more in the future).
>  
> It’s officially released with CUCM 10, however it was technically added back in 8.6 and used by a few Cisco applications.
>  
> It should help to provide better isolation between end user and admin level access.
>  
> You can find more info here:
>  
> https://developer.cisco.com/site/collaboration/management/user-data-services/uds/what-is-uds/
>  
> Thanks
>  
> Stephen
>  
> On 21 Feb 2014, at 19:56, Lelio Fulgenzi <lelio at uoguelph.ca> wrote:
>  
> 
> We're going through the process of testing our reverse proxy setup to allow users to access the "ucmuser" pages. There has been a marked improvement in so much as it seems there are no files from the "ccmadmin" directory being served out for ucmuser activities.
> 
> However, we have noticed files being served from the "cucm-uds" directory. 
> 
> Can anyone comment on what contents this directory holds and whether or not there are admin related pages here?
> 
> Thanks, Lelio
> 
> 
>  
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>  
>  
> 