Some thoughts

Nov 23, 2010 at 10:42 AM

After few week of usage, i have some interesting (i hope so :-) ) remarks on Snomtastic.

The first concern is about user password. After a bit of trialing i found that i need to use <$password> token in configuration for user_pass parameter. But unfortunaltely, i had to set it to not crypted too, which means that when you look at the phone configuration thru Snomtastic, you can read the user password in plan text ! This is quite unacceptable from a security point of view. If i configure it as encrypted, the configuration is not downloaded by the phone as the format seems to be incorrect.

Another point is about admin user/password. In Snomtastic global settings, we can configure http admin account and password. But it seems that these settings are never pushed to the phone, as the configuration does not reference it (as a variable or something else). So basically, it seems to be the same problem as the user password one. Is there a specific token <$httpadmin> for example to use here ?

Last one is a problem i encountered sometimes : the action "reg failed" doesn't seem to work, even if i configure the global option accordingly : the action reg_failed is sent ffrom the phone to the server (i can see it in the log) but the identity is not disabled. Any idea ?



Nov 25, 2010 at 12:08 AM


There are a few "thoughts" here. Hopefully I can answer them all :)

For user password encryption to work make sure of the following:

Web.config should contain the EncryptionPassPhrase key

    <add key="EncryptionPassPhrase" value="p$$w=Rd"/>

In Settings
Identity 01 > user_pass should be set to encrypted

In configuration
Identity 01 > user_pass should be set to password
Make sure you actually change this value to something else after turning on encryption in the settings, then change it to <$password> just to be sure it is set correctly.

For http_pass
Currently http_user and http_pass need to be set in both the System configuration and the general configuration.

The settings in System configuration are used by the application to send commands to the phone, (E.g. Reset, Reboot etc.) and the settings in the general configuration are used to apply the setting to the phone.

This is a bit of an oversite and they should be available as tokens. I will add it to my to-do list.

Currently avavilable Tokens
Current tokens available in settings are:
<$password> for the users password
<$macaddress> for the phones mac address
<$ipaddress> for the phones IP address
<$siteroot> for the URL of the snomtastic server (as set in System Configuration)

Also any AD field that is applicable for a user. E.g <$displayName>


Rules for registration failures
The phone will switch to fail mode if the account is locked out or after the Max Registration Attemts (from system configuration) has been reached. the user will only be deactivated when in fail mode.





Nov 26, 2010 at 4:25 AM


    <add key="EncryptionPassPhrase" value="p$$w=Rd"/>

Do we have to put that pass phrase anywhere else? Like in the phone config section anywhere? Or is the web.config the only place it gets put?

Nov 30, 2010 at 10:34 PM

The EncryptionPassPhrase should be ONLY in the web config of the root site.