<html><head><style type='text/css'>p { margin: 0; }</style></head><body><div style='font-family: verdana,helvetica,sans-serif; font-size: 10pt; color: #000000'><br>I'm guessing most stuff does require authentication, but I've already found a few things that require no authentication whatsoever.<br><br>Without directing my worries to a particular demographic, my main concern is we have open, unauthenticated network ports on campus that anyone can use. And with some unencrypted wireless still going on, it won't take much for someone to grab credentials to use.<br><br>My stance has always been, userID/password shouldn't be the only protection.<br><br>I'm hoping my reverse proxy admin can capture the bulk of the files/directories under cucm-uds that he needs to make the ucmuser pages work.<br><br>*sigh*<br><br><div><span name="x"></span>---<br>Lelio Fulgenzi, B.A.<br>Senior Analyst, Network Infrastructure<br>Computing and Communications Services (CCS)<br>University of Guelph<br><br>519‐824‐4120 Ext 56354<br>lelio@uoguelph.ca<br>www.uoguelph.ca/ccs<br>Room 037, Animal Science and Nutrition Building<br>Guelph, Ontario, N1G 2W1<span name="x"></span><br></div><br><hr id="zwchr"><div style="color:#000;font-weight:normal;font-style:normal;text-decoration:none;font-family:Helvetica,Arial,sans-serif;font-size:12pt;"><b>From: </b>"Stephen Welsh" <stephen.welsh@unifiedfx.com><br><b>To: </b>"Lelio Fulgenzi" <lelio@uoguelph.ca><br><b>Cc: </b>"cisco-voip (cisco-voip@puck.nether.net)" <cisco-voip@puck.nether.net><br><b>Sent: </b>Friday, February 21, 2014 3:41:13 PM<br><b>Subject: </b>Re: [cisco-voip] the "cucm-uds" http directory<br><br>
LOL ;)
<div><br>
</div>
<div>Your guess is right, more and more will be added to this API over time, however it does follow proper authentication rules, so end user credentials are used to authenticate to the API and they only get access to their settings/devices.</div>
<div><br>
</div>
<div>Are you worried some of your students will find out how to “abuse” this interface?</div>
<div><br>
</div>
<div>Stephen
<div><br>
<div>
<div>On 21 Feb 2014, at 20:31, Lelio Fulgenzi <<a href="mailto:lelio@uoguelph.ca" target="_blank">lelio@uoguelph.ca</a>> wrote:</div>
<br class="Apple-interchange-newline">
<blockquote>
<div style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;">
<div style="font-family: verdana, helvetica, sans-serif; font-size: 10pt;"><br>
ok, it looks like there are some pretty simple calls that can be made according to:<br>
<br>
<a href="https://developer.cisco.com/site/collaboration/management/user-data-services/learn/how-to/uds-hello-world/" target="_blank">https://developer.cisco.com/site/collaboration/management/user-data-services/learn/how-to/uds-hello-world/</a><br>
<br>
i'm now officially worried.<br>
<br>
is there a data dictionary available for this stuff? i suspect it's only going to get bigger.<span class="Apple-converted-space"> </span><br>
<br>
i'm wondering if we can turn it off without too much impact.<br>
<br>
<div><span></span>---<br>
Lelio Fulgenzi, B.A.<br>
Senior Analyst, Network Infrastructure<br>
Computing and Communications Services (CCS)<br>
University of Guelph<br>
<br>
519‐824‐4120 Ext 56354<br>
<a href="mailto:lelio@uoguelph.ca" target="_blank">lelio@uoguelph.ca</a><br>
<a href="http://www.uoguelph.ca/ccs" target="_blank">www.uoguelph.ca/ccs</a><br>
Room 037, Animal Science and Nutrition Building<br>
Guelph, Ontario, N1G 2W1<span></span><br>
</div>
<br>
<hr id="zwchr">
<div style="font-weight: normal; font-style: normal; text-decoration: none; font-family: Helvetica, Arial, sans-serif; font-size: 12pt;">
<b>From:<span class="Apple-converted-space"> </span></b>"Lelio Fulgenzi" <<a href="mailto:lelio@uoguelph.ca" target="_blank">lelio@uoguelph.ca</a>><br>
<b>To:<span class="Apple-converted-space"> </span></b>"Stephen Welsh" <<a href="mailto:stephen.welsh@unifiedfx.com" target="_blank">stephen.welsh@unifiedfx.com</a>><br>
<b>Cc:<span class="Apple-converted-space"> </span></b>"cisco-voip (<a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a>)" <<a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a>><br>
<b>Sent:<span class="Apple-converted-space"> </span></b>Friday, February 21, 2014 3:25:33 PM<br>
<b>Subject:<span class="Apple-converted-space"> </span></b>Re: [cisco-voip] the "cucm-uds" http directory<br>
<br>
<div style="font-family: verdana, helvetica, sans-serif; font-size: 10pt;">Thanks Stephen. This helps. I did some searching and came up with little with respect to what it might actually be used for now. My concern is that the old "corporate" directory has
somehow been moved/replicated to calls in this directory. However, I can't find any reference to new URLs, etc.<span class="Apple-converted-space"> </span><br>
<br>
I'm guessing that with little effort, someone can write a tool to search the corporate directory through our reverse proxy and gain access to telephone directory information that we need to keep private.<span class="Apple-converted-space"> </span><br>
<br>
Can you share any more information? In particular, are there only APIs available in this directory, or are there even more user friendly pages that can be served up?<br>
<br>
Lelio<br>
<br>
<br>
<br>
<div><span></span>---<br>
Lelio Fulgenzi, B.A.<br>
Senior Analyst, Network Infrastructure<br>
Computing and Communications Services (CCS)<br>
University of Guelph<br>
<br>
519‐824‐4120 Ext 56354<br>
<a href="mailto:lelio@uoguelph.ca" target="_blank">lelio@uoguelph.ca</a><br>
www.uoguelph.ca/ccs<br>
Room 037, Animal Science and Nutrition Building<br>
Guelph, Ontario, N1G 2W1<span></span><br>
</div>
<br>
<hr id="zwchr">
<div style="font-weight: normal; font-style: normal; text-decoration: none; font-family: Helvetica, Arial, sans-serif; font-size: 12pt;">
<b>From:<span class="Apple-converted-space"> </span></b>"Stephen Welsh" <<a href="mailto:stephen.welsh@unifiedfx.com" target="_blank">stephen.welsh@unifiedfx.com</a>><br>
<b>To:<span class="Apple-converted-space"> </span></b>"Lelio Fulgenzi" <<a href="mailto:lelio@uoguelph.ca" target="_blank">lelio@uoguelph.ca</a>><br>
<b>Cc:<span class="Apple-converted-space"> </span></b>"cisco-voip (<a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a>)" <<a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a>><br>
<b>Sent:<span class="Apple-converted-space"> </span></b>Friday, February 21, 2014 3:09:09 PM<br>
<b>Subject:<span class="Apple-converted-space"> </span></b>Re: [cisco-voip] the "cucm-uds" http directory<br>
<br>
Hi Lelio,
<div><br>
</div>
<div>This is a REST based API that is used for all user related information (and more in the future).</div>
<div><br>
</div>
<div>It’s officially released with CUCM 10, however it was technically added back in 8.6 and used by a few Cisco applications.</div>
<div><br>
</div>
<div>It should help to provide better isolation between end user and admin level access.</div>
<div><br>
</div>
<div>You can find more info here:</div>
<div><br>
</div>
<div><a href="https://developer.cisco.com/site/collaboration/management/user-data-services/uds/what-is-uds/" target="_blank">https://developer.cisco.com/site/collaboration/management/user-data-services/uds/what-is-uds/</a></div>
<div><br>
</div>
<div>Thanks</div>
<div><br>
</div>
<div>Stephen</div>
<div><br>
<div>
<div>On 21 Feb 2014, at 19:56, Lelio Fulgenzi <<a href="mailto:lelio@uoguelph.ca" target="_blank">lelio@uoguelph.ca</a>> wrote:</div>
<br class="Apple-interchange-newline">
<blockquote>
<div style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;">
<div style="font-family: verdana, helvetica, sans-serif; font-size: 10pt;"><br>
We're going through the process of testing our reverse proxy setup to allow users to access the "ucmuser" pages. There has been a marked improvement in so much as it seems there are no files from the "ccmadmin" directory being served out for ucmuser activities.<br>
<br>
However, we have noticed files being served from the "cucm-uds" directory.<span class="Apple-converted-space"> </span><br>
<br>
Can anyone comment on what contents this directory holds and whether or not there are admin related pages here?<br>
<br>
Thanks, Lelio<br>
<br>
<br>
<div><span></span>---<br>
Lelio Fulgenzi, B.A.<br>
Senior Analyst, Network Infrastructure<br>
Computing and Communications Services (CCS)<br>
University of Guelph<br>
<br>
519‐824‐4120 Ext 56354<br>
<a href="mailto:lelio@uoguelph.ca" target="_blank">lelio@uoguelph.ca</a><br>
<a href="http://www.uoguelph.ca/ccs" target="_blank">www.uoguelph.ca/ccs</a><br>
Room 037, Animal Science and Nutrition Building<br>
Guelph, Ontario, N1G 2W1<span></span><br>
</div>
<br>
</div>
_______________________________________________<br>
cisco-voip mailing list<br>
<a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><br>
<a href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a></div>
</blockquote>
</div>
<br>
</div>
</div>
<br>
</div>
<br>
</div>
</div>
</div>
</blockquote>
</div>
<br>
</div>
</div>
</div><br></div></body></html>