[asterisk-dev] Security Request for discussion: Should sip.conf allowguest=yes be the default

Kaloyan Kovachev kkovachev at varna.net
Thu Nov 12 06:04:49 CST 2009


On Thu, 12 Nov 2009 09:20:12 +0100, Olle E. Johansson wrote
> On 12 Nov 2009, at 08.33, Alec Davis wrote:
> 
> > At Tilghman's request.
> > 
> > We need to agree to change the sip.conf default from allowguest=yes to
> > allowguest=no
> There are many installations that do not use peer/user matching at all and
> require allowguest to be yes. Not all installations are PBXs. We can change,
> as you propose, the sip.conf sample but *not* the default behaviour in the
> source.
> 
> > and extensions.conf to have a warning in the [default] section that
> > sip.conf may have allowguest=yes or nothing which will default to yes.
> Here we need to explain that anything here is exposed to anyone if you have
> allowguest=yes in sip.conf.

Why not change the default context in sip.conf (and iax.conf for guest on make
samples) to [unauthenticated_call] instead of just default, which will be more
prominent for the admin of what is happening?

> 
> /O

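The check below is an added example, not part of the original message or of Asterisk itself. It audits a sip.conf for the exposure discussed in this thread: guest calls accepted (allowguest=yes, or unset, which the thread gives as the default) and delivered to [default]. The function names, the sample configs and the treatment of an unset context as `default` are assumptions of this example.

```python
import re

FALSE_VALUES = {"no", "false", "n", "f", "0", "off"}  # spellings treated as "false"

def parse_general(text):
    """Return the [general] options as a dict (last value wins).
    Simplified parser: no #include, templates or escaped ';' handling."""
    options, section = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()        # ';' starts a comment
        if not line:
            continue
        header = re.match(r"\[([^\]]+)\]", line)
        if header:
            section = header.group(1).strip().lower()
        elif section == "general" and "=" in line:
            key, value = line.split("=", 1)        # also accepts "key => value"
            options[key.strip().lower()] = value.lstrip(">").strip()
    return options

def audit_sip_conf(text):
    """Return a list of findings about unauthenticated (guest) call exposure."""
    general = parse_general(text)
    allowguest = general.get("allowguest")
    # Anything not explicitly false is treated as "guests allowed" (conservative).
    if allowguest is not None and allowguest.lower() in FALSE_VALUES:
        return []
    findings = []
    if allowguest is None:
        findings.append("allowguest not set: falls back to the default of yes")
    else:
        findings.append(f"allowguest={allowguest}: unauthenticated calls accepted")
    # Assumption: with no context= in [general], guest calls go to [default].
    if general.get("context", "default") == "default":
        findings.append("guest calls land in [default]: all of it is exposed")
    return findings

# Constructed sample configs, not taken from any real installation.
SAMPLE_IMPLICIT = "[general]\nbindport=5060\n"
SAMPLE_NAMED = "[general]\nallowguest=yes\ncontext=unauthenticated_call ; guests\n"
SAMPLE_CLOSED = "[general]\nallowguest = no\ncontext=default\n"

if __name__ == "__main__":
    for name, conf in [("implicit", SAMPLE_IMPLICIT), ("named", SAMPLE_NAMED),
                       ("closed", SAMPLE_CLOSED)]:
        print(name, audit_sip_conf(conf) or "no guest exposure")
```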