[asterisk-dev] AstriDevCon - PineMango

Johansson Olle E oej at edvina.net
Thu Oct 9 04:53:22 CDT 2008


9 okt 2008 kl. 11.49 skrev Nir Simionovich:

> While I do agree with oej that security is a must, when allowing such
> core level interconnect, i would also agree with Brian that the toll
> required may be one that we are unable to undertake at this point in
> time.

If it's not in the architecture from start - regardless if the actual  
code is there-
then the architecture will be wrong and we risk a very high cost of  
implementing
security as a second thought. If there's no auth* in there, Asterisk  
will be even
more open for all kinds of security violations than today, and that's  
not progress.

Authorization is also about being able to implement segmentation, i.e.  
virtual
hosting within an Asterisk platform.

/O



More information about the asterisk-dev mailing list