<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head><body dir="auto"><div>That's great! Thanks!<br><br>Sent from my iPhone</div><div><br>On 2014-02-24, at 6:45 PM, "Brian Meade (brmeade)" <<a href="mailto:brmeade@cisco.com">brmeade@cisco.com</a>> wrote:<br><br></div><blockquote type="cite"><div>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Helvetica;
panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
@font-face
{font-family:Verdana;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
{mso-style-priority:99;
mso-style-link:"Balloon Text Char";
margin:0in;
margin-bottom:.0001pt;
font-size:8.0pt;
font-family:"Tahoma","sans-serif";}
span.apple-converted-space
{mso-style-name:apple-converted-space;}
span.EmailStyle19
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
span.BalloonTextChar
{mso-style-name:"Balloon Text Char";
mso-style-priority:99;
mso-style-link:"Balloon Text";
font-family:"Tahoma","sans-serif";}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Leliom<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">I found this document that provides some info on what requires authentication and what does not:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><a href="https://developer.cisco.com/media/cisco-user-data-serviccs-usd-dev-guide/index.html?getting_started.html">https://developer.cisco.com/media/cisco-user-data-serviccs-usd-dev-guide/index.html?getting_started.html</a><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Just click on the “Authentication” section.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Thanks,<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Brian Meade<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> cisco-voip [<a href="mailto:cisco-voip-bounces@puck.nether.net">mailto:cisco-voip-bounces@puck.nether.net</a>]
<b>On Behalf Of </b>Lelio Fulgenzi<br>
<b>Sent:</b> Friday, February 21, 2014 3:52 PM<br>
<b>To:</b> Stephen Welsh<br>
<b>Cc:</b> cisco-voip (<a href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a>)<br>
<b>Subject:</b> Re: [cisco-voip] the "cucm-uds" http directory<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="font-size:10.0pt;font-family:"Verdana","sans-serif";color:black"><br>
I'm guessing most stuff does require authentication, but I've already found a few things that require no authentication whatsoever.<br>
<br>
Without directing my worries to a particular demographic, my main concern is we have open, unauthenticated network ports on campus that anyone can use. And with some unencrypted wireless still going on, it won't take much for someone to grab credentials to
use.<br>
<br>
My stance has always been, userID/password shouldn't be the only protection.<br>
<br>
I'm hoping my reverse proxy admin can capture the bulk of the files/directories under cucm-uds that he needs to make the ucmuser pages work.<br>
<br>
*sigh*<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Verdana","sans-serif";color:black">---<br>
Lelio Fulgenzi, B.A.<br>
Senior Analyst, Network Infrastructure<br>
Computing and Communications Services (CCS)<br>
University of Guelph<br>
<br>
519</span><span style="font-size:10.0pt;font-family:"Cambria Math","serif";color:black">‐</span><span style="font-size:10.0pt;font-family:"Verdana","sans-serif";color:black">824</span><span style="font-size:10.0pt;font-family:"Cambria Math","serif";color:black">‐</span><span style="font-size:10.0pt;font-family:"Verdana","sans-serif";color:black">4120
Ext 56354<br>
<a href="mailto:lelio@uoguelph.ca">lelio@uoguelph.ca</a><br>
<a href="http://www.uoguelph.ca/ccs">www.uoguelph.ca/ccs</a><br>
Room 037, Animal Science and Nutrition Building<br>
Guelph, Ontario, N1G 2W1<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Verdana","sans-serif";color:black"><o:p> </o:p></span></p>
<div class="MsoNormal" align="center" style="text-align:center"><span style="font-size:10.0pt;font-family:"Verdana","sans-serif";color:black">
<hr size="2" width="100%" align="center" id="zwchr">
</span></div>
<div>
<p class="MsoNormal"><b><span style="font-family:"Helvetica","sans-serif";color:black">From:
</span></b><span style="font-family:"Helvetica","sans-serif";color:black">"Stephen Welsh" <<a href="mailto:stephen.welsh@unifiedfx.com">stephen.welsh@unifiedfx.com</a>><br>
<b>To: </b>"Lelio Fulgenzi" <<a href="mailto:lelio@uoguelph.ca">lelio@uoguelph.ca</a>><br>
<b>Cc: </b>"cisco-voip (<a href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a>)" <<a href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</a>><br>
<b>Sent: </b>Friday, February 21, 2014 3:41:13 PM<br>
<b>Subject: </b>Re: [cisco-voip] the "cucm-uds" http directory<br>
<br>
LOL ;) <o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Helvetica","sans-serif";color:black">Your guess is right, more and more will be added to this API over time, however it does follow proper authentication rules, so a end user credentials are used to authenticate
to the API and they only get access to their settings/devices.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Helvetica","sans-serif";color:black">Are you worried some of your students will find out how to “abuse” this interface?<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Helvetica","sans-serif";color:black">Stephen
<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Helvetica","sans-serif";color:black">On 21 Feb 2014, at 20:31, Lelio Fulgenzi <<a href="mailto:lelio@uoguelph.ca" target="_blank">lelio@uoguelph.ca</a>> wrote:<o:p></o:p></span></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>
<div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="font-size:10.0pt;font-family:"Verdana","sans-serif";color:black"><br>
ok, it looks like there are some pretty simple calls that can be made according to:<br>
<br>
<a href="https://developer.cisco.com/site/collaboration/management/user-data-services/learn/how-to/uds-hello-world/" target="_blank">https://developer.cisco.com/site/collaboration/management/user-data-services/learn/how-to/uds-hello-world/</a><br>
<br>
i'm now officially worried.<br>
<br>
is there a data dictionary available for this stuff? i suspect it's only going to get bigger.<span class="apple-converted-space"> </span><br>
<br>
i'm wondering if we can turn it off without too much impact.<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Verdana","sans-serif";color:black">---<br>
Lelio Fulgenzi, B.A.<br>
Senior Analyst, Network Infrastructure<br>
Computing and Communications Services (CCS)<br>
University of Guelph<br>
<br>
519</span><span style="font-size:10.0pt;font-family:"Cambria Math","serif";color:black">‐</span><span style="font-size:10.0pt;font-family:"Verdana","sans-serif";color:black">824</span><span style="font-size:10.0pt;font-family:"Cambria Math","serif";color:black">‐</span><span style="font-size:10.0pt;font-family:"Verdana","sans-serif";color:black">4120
Ext 56354<br>
<a href="mailto:lelio@uoguelph.ca" target="_blank">lelio@uoguelph.ca</a><br>
<a href="http://www.uoguelph.ca/ccs" target="_blank">www.uoguelph.ca/ccs</a><br>
Room 037, Animal Science and Nutrition Building<br>
Guelph, Ontario, N1G 2W1<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Verdana","sans-serif";color:black"><o:p> </o:p></span></p>
<div class="MsoNormal" align="center" style="text-align:center"><span style="font-size:10.0pt;font-family:"Verdana","sans-serif";color:black">
<hr size="2" width="100%" align="center" id="zwchr">
</span></div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><b><span style="font-family:"Helvetica","sans-serif";color:black">From:<span class="apple-converted-space"> </span></span></b><span style="font-family:"Helvetica","sans-serif";color:black">"Lelio Fulgenzi" <<a href="mailto:lelio@uoguelph.ca" target="_blank">lelio@uoguelph.ca</a>><br>
<b>To:<span class="apple-converted-space"> </span></b>"Stephen Welsh" <<a href="mailto:stephen.welsh@unifiedfx.com" target="_blank">stephen.welsh@unifiedfx.com</a>><br>
<b>Cc:<span class="apple-converted-space"> </span></b>"cisco-voip (<a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a>)" <<a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a>><br>
<b>Sent:<span class="apple-converted-space"> </span></b>Friday, February 21, 2014 3:25:33 PM<br>
<b>Subject:<span class="apple-converted-space"> </span></b>Re: [cisco-voip] the "cucm-uds" http directory<o:p></o:p></span></p>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="font-size:10.0pt;font-family:"Verdana","sans-serif";color:black">Thanks Stephen. This helps. I did some searching and came up with little with respect to what's actually it might be used for now.
My concern is that the old "corporate" directory has somehow been moved/replicated to calls in this directory. However, I can't find any reference to new URLs, etc.<span class="apple-converted-space"> </span><br>
<br>
I'm guessing that with little effort, someone can write an tool to search the corporate directory through our reverse proxy and gain access to telephone directory information that we need to keep private.<span class="apple-converted-space"> </span><br>
<br>
Can you share any more information? In particular, are there only APIs available in this directory, or are there even more user friendly pages that can be served up?<br>
<br>
Lelio<br>
<br>
<br>
<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Verdana","sans-serif";color:black">---<br>
Lelio Fulgenzi, B.A.<br>
Senior Analyst, Network Infrastructure<br>
Computing and Communications Services (CCS)<br>
University of Guelph<br>
<br>
519</span><span style="font-size:10.0pt;font-family:"Cambria Math","serif";color:black">‐</span><span style="font-size:10.0pt;font-family:"Verdana","sans-serif";color:black">824</span><span style="font-size:10.0pt;font-family:"Cambria Math","serif";color:black">‐</span><span style="font-size:10.0pt;font-family:"Verdana","sans-serif";color:black">4120
Ext 56354<br>
<a href="mailto:lelio@uoguelph.ca" target="_blank">lelio@uoguelph.ca</a><br>
<a href="http://www.uoguelph.ca/ccs">www.uoguelph.ca/ccs</a><br>
Room 037, Animal Science and Nutrition Building<br>
Guelph, Ontario, N1G 2W1<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Verdana","sans-serif";color:black"><o:p> </o:p></span></p>
<div class="MsoNormal" align="center" style="text-align:center"><span style="font-size:10.0pt;font-family:"Verdana","sans-serif";color:black">
<hr size="2" width="100%" align="center" id="zwchr">
</span></div>
<div>
<p class="MsoNormal"><b><span style="font-family:"Helvetica","sans-serif";color:black">From:<span class="apple-converted-space"> </span></span></b><span style="font-family:"Helvetica","sans-serif";color:black">"Stephen Welsh" <<a href="mailto:stephen.welsh@unifiedfx.com" target="_blank">stephen.welsh@unifiedfx.com</a>><br>
<b>To:<span class="apple-converted-space"> </span></b>"Lelio Fulgenzi" <<a href="mailto:lelio@uoguelph.ca" target="_blank">lelio@uoguelph.ca</a>><br>
<b>Cc:<span class="apple-converted-space"> </span></b>"cisco-voip (<a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a>)" <<a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a>><br>
<b>Sent:<span class="apple-converted-space"> </span></b>Friday, February 21, 2014 3:09:09 PM<br>
<b>Subject:<span class="apple-converted-space"> </span></b>Re: [cisco-voip] the "cucm-uds" http directory<br>
<br>
Hi Lelio, <o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Helvetica","sans-serif";color:black">This is a REST based API that is used for all user related information (and more in the future).<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Helvetica","sans-serif";color:black">It’s officially release with CUCM 10, however it was technically added back in 8.6 and used by a few Cisco applications.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Helvetica","sans-serif";color:black">It should help to provide better isolation between end user and admin level access.<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Helvetica","sans-serif";color:black">You can find more info here:<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Helvetica","sans-serif";color:black"><a href="https://developer.cisco.com/site/collaboration/management/user-data-services/uds/what-is-uds/" target="_blank">https://developer.cisco.com/site/collaboration/management/user-data-services/uds/what-is-uds/</a><o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Helvetica","sans-serif";color:black">Thanks<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Helvetica","sans-serif";color:black">Stephen<o:p></o:p></span></p>
</div>
<div>
<p class="MsoNormal"><span style="font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>
<div>
<div>
<p class="MsoNormal"><span style="font-family:"Helvetica","sans-serif";color:black">On 21 Feb 2014, at 19:56, Lelio Fulgenzi <<a href="mailto:lelio@uoguelph.ca" target="_blank">lelio@uoguelph.ca</a>> wrote:<o:p></o:p></span></p>
</div>
<blockquote style="margin-top:5.0pt;margin-bottom:5.0pt">
<p class="MsoNormal"><span style="font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>
<div>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><span style="font-size:10.0pt;font-family:"Verdana","sans-serif";color:black"><br>
We're going through the process of testing our reverse proxy setup to allow users to access the "ucmuser" pages. There has been a marked improvement in so much as it seems there are no files from the "ccmadmin" directory being served out for ucmuser activities.<br>
<br>
However, we have noticed files being served from the "cucm-uds" directory.<span class="apple-converted-space"> </span><br>
<br>
Can anyone comment on what contents this directory holds and whether or not there are admin related pages here?<br>
<br>
Thanks, Lelio<br>
<br>
<o:p></o:p></span></p>
<div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Verdana","sans-serif";color:black">---<br>
Lelio Fulgenzi, B.A.<br>
Senior Analyst, Network Infrastructure<br>
Computing and Communications Services (CCS)<br>
University of Guelph<br>
<br>
519</span><span style="font-size:10.0pt;font-family:"Cambria Math","serif";color:black">‐</span><span style="font-size:10.0pt;font-family:"Verdana","sans-serif";color:black">824</span><span style="font-size:10.0pt;font-family:"Cambria Math","serif";color:black">‐</span><span style="font-size:10.0pt;font-family:"Verdana","sans-serif";color:black">4120
Ext 56354<br>
<a href="mailto:lelio@uoguelph.ca" target="_blank">lelio@uoguelph.ca</a><br>
<a href="http://www.uoguelph.ca/ccs" target="_blank">www.uoguelph.ca/ccs</a><br>
Room 037, Animal Science and Nutrition Building<br>
Guelph, Ontario, N1G 2W1<o:p></o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Verdana","sans-serif";color:black"><o:p> </o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-size:9.0pt;font-family:"Helvetica","sans-serif";color:black">_______________________________________________<br>
cisco-voip mailing list<br>
<a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><br>
<a href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a><o:p></o:p></span></p>
</div>
</blockquote>
</div>
<p class="MsoNormal"><span style="font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>
</div>
</div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Verdana","sans-serif";color:black"><o:p> </o:p></span></p>
</div>
<p class="MsoNormal"><span style="font-family:"Helvetica","sans-serif";color:black"><br>
_______________________________________________<br>
cisco-voip mailing list<br>
<a href="mailto:cisco-voip@puck.nether.net" target="_blank">cisco-voip@puck.nether.net</a><br>
<a href="https://puck.nether.net/mailman/listinfo/cisco-voip" target="_blank">https://puck.nether.net/mailman/listinfo/cisco-voip</a><o:p></o:p></span></p>
</div>
</div>
</div>
</blockquote>
</div>
<p class="MsoNormal"><span style="font-family:"Helvetica","sans-serif";color:black"><o:p> </o:p></span></p>
</div>
</div>
</div>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:"Verdana","sans-serif";color:black"><o:p> </o:p></span></p>
</div>
</div>
</div></blockquote></body></html>