[asterisk-dev] Security Request for discussion: Should sip.conf allowguest=yes be the default

Michiel van Baak michiel at vanbaak.info
Thu Nov 12 04:57:48 CST 2009


On 11:34, Thu 12 Nov 09, Olle E. Johansson wrote:
> I've changed the sip.conf.sample in trunk to say the following.
> 
> Like Tzafrir, I don't want to change the channel setting in the code which might break current installations.
> 
> If enough people are behind it, we can change sip.conf.sample to have allowguest=no as a default setting
> without the semicolon in front.
> 
> Feedback?

In my opinion this change is enough.
Changing the default is a no-no in my opinion. This will break too many
systems out there.

If people see the warning in sip.conf and decide to ignore it, it's
their responsibility. Same as with every other piece of software that
has settings and documentation like this. (bind being recursive by
default for example, or sshd that allows root password based logins by
default)

-- 

Michiel van Baak
michiel at vanbaak.eu
http://michiel.vanbaak.eu
GnuPG key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x71C946BD

"Why is it drug addicts and computer aficionados are both called users?"




More information about the asterisk-dev mailing list