[SIP Beyond VoIP] Sylkserver Participant Management

Andreas Sikkema asikkema at unet.nl
Tue Jul 16 11:34:41 CEST 2013


> Right now anyone can add/remove participants in any room. There is no policy enforcement functionality, it can be added but requires more development. But as the conference room URI must be known, the chance of bots doing stuff is minimal as they cannot guess the rooms in use, only those invited in the room know the room address.
> For example, I create the room:
> 2142145214214214 at conference.sip2sip.info
> and I invite you and others, how can a bot figure this out?

The same way people get their PBX's abused for calls to expensive
destinations. Lazyness.

Oh I know! I'll make a conference named 1!

Andreas Sikkema

More information about the SIPBeyondVoIP mailing list