[asterisk-dev] Security Request for discussion: Should sip.conf allowguest=yes be the default
Olle E. Johansson
oej at edvina.net
Thu Nov 12 02:20:12 CST 2009
12 nov 2009 kl. 08.33 skrev Alec Davis:
> At Tilghman's request.
>
> We need to agree to change the sip.conf default from allowguest=yes to allowguest=no
There are many installations that not use peer/user matching at all and require allowguest to be yes. Not all installations are PBXs. We can change, as you propose, the sip.conf sample but *not* the default behaviour in the source.
> and extensions.conf to have a warning in the [default] section that sip.conf may have allowguest=yes or nothing which will default of yes.
Here we need to explain that anything here is exposed to anyone if you have allowguest=yes in sip.conf.
/O
More information about the asterisk-dev
mailing list