[asterisk-dev] Security Request for discussion: Should sip.conf allowguest=yes be the default

Jared Smith jsmith at digium.com
Thu Nov 12 09:00:27 CST 2009


On Thu, 2009-11-12 at 08:42 -0600, Tilghman Lesher wrote:
> I agree with your note, but I disagree with disabling guest access in the
> sample configuration.  The reasoning is that we want new users to be able
> to get Asterisk to work as easily as possible in the sample configuration.
> Even if their SIP phone is not correctly configured with a password. they
> should be able to operate the demo.  Once we start complicating the samples,
> we run the risk of new users being unable to get over that initial hump and
> losing interest, all because they become unable to get Asterisk to respond
> with anything other than an error.

I tend to agree with Tilghman here, and believe that the proper thing to
do might be to put a note in extensions.conf (in the [default] context)
stating that the user should be careful what they put in the [default]
context, as unauthenticated calls go to that context by default.

In short, I'd rather have an educated user than an uneducated user who
can't get Asterisk to work for them.

-- 
Jared Smith
Training Manager
Digium, Inc.




More information about the asterisk-dev mailing list