[asterisk-dev] Security Request for discussion: Should sip.conf allowguest=yes be the default

Kai Hoerner kai at ciphron.de
Thu Nov 12 05:24:33 CST 2009


Michiel van Baak schrieb:
> On 11:34, Thu 12 Nov 09, Olle E. Johansson wrote:
>   
>> I've changed the sip.conf.sample in trunk to say the following.
>>     
> In my opinion this change is enough.
> Changing the default is a no-no in my opinion. This will break too many
> systems out there.
>   
Changing the default in code will break existing configs that rely on 
the defaults. (e.g. not have explicitly set "allowguest=yes")

Changing the default in the sample config will break nobody's config and 
nobody's setup.

> If people see the warning in sip.conf and decide to ignore it, it's
> their responsibility. Same as with every other piece of software that
> has settings and documentation like this. (bind being recursive by
> default for example, or sshd that allows root password based logins by
> default)
I don't see the argument here. "Because the others do.."

Is setting senseless defaults now considered best practise or something?
Helping beginners with meaningful defaults is generally a good thing, i 
thought.
Who really wants to open his box to the world can do it, but it should 
_really_ not be the default.

To shorten up discussion, i know the default context is secured by default.
But beginners tend to start using it, because of its tempting name.

Changing the default in configuration (not code) will break no one's 
config but will help beginners start with a more secure sample config.
Just my 2 cents.


Best regards,

Kaii



More information about the asterisk-dev mailing list