[asterisk-dev] Security Request for discussion: Should sip.conf allowguest=yes be the default

Michiel van Baak michiel at vanbaak.info
Thu Nov 12 10:51:37 CST 2009


On 10:00, Thu 12 Nov 09, Jared Smith wrote:
> On Thu, 2009-11-12 at 08:42 -0600, Tilghman Lesher wrote:
> > I agree with your note, but I disagree with disabling guest access in the
> > sample configuration.  The reasoning is that we want new users to be able
> > to get Asterisk to work as easily as possible in the sample configuration.
> > Even if their SIP phone is not correctly configured with a password, they
> > should be able to operate the demo.  Once we start complicating the samples,
> > we run the risk of new users being unable to get over that initial hump and
> > losing interest, all because they become unable to get Asterisk to respond
> > with anything other than an error.
> 
> I tend to agree with Tilghman here, and believe that the proper thing to
> do might be to put a note in extensions.conf (in the [default] context)
> stating that the user should be careful what they put in the [default]
> context, as unauthenticated calls go to that context by default.
> 
> In short, I'd rather have an educated user than an uneducated user who
> can't get Asterisk to work for them.

I totally agree here.
-- 

Michiel van Baak
michiel at vanbaak.eu
http://michiel.vanbaak.eu
GnuPG key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x71C946BD

"Why is it drug addicts and computer aficionados are both called users?"
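
Added example, not part of the original thread or of Asterisk itself: a Python sketch of the check Jared's note implies, listing which dialplan entries an unauthenticated SIP caller can reach while allowguest is enabled. The two config snippets are constructed samples, the function names are hypothetical, and the parser handles only the simple section/key syntax shown.

```python
import re

def parse_sections(text):
    """Parse Asterisk-style config text into {section: [(key, value), ...]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # ';' starts a comment
        m = re.match(r"\[([^\]]+)\]", line)
        if m:
            current = sections.setdefault(m.group(1), [])
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)      # handles both '=' and '=>'
            current.append((key.strip().lower(), value.lstrip(">").strip()))
    return sections

def guest_reachable(sip_conf, extensions_conf):
    """Dialplan lines a guest SIP caller can reach (assumes unset allowguest means yes)."""
    general = dict(parse_sections(sip_conf).get("general", []))
    if general.get("allowguest", "yes").lower() in ("no", "false", "0", "off"):
        return []
    dialplan = parse_sections(extensions_conf)
    reachable, seen, todo = [], set(), [general.get("context", "default")]
    while todo:
        ctx = todo.pop()
        if ctx not in seen:
            seen.add(ctx)
            for key, value in dialplan.get(ctx, []):
                if key == "include":
                    todo.append(value)           # included contexts are reachable too
                elif key == "exten":
                    reachable.append(f"[{ctx}] {value}")
    return reachable

# Constructed sample configuration, for illustration only.
SIP_CONF = """
[general]
context=default     ; unauthenticated calls land in this context
allowguest=yes
"""
EXTENSIONS_CONF = """
[default]
include => demo
exten => _9.,1,Dial(SIP/trunk/${EXTEN:1})  ; anything here is open to guests
[demo]
exten => 1000,1,Playback(demo-congrats)
[internal]
exten => 200,1,Dial(SIP/200)
"""
print("\n".join(guest_reachable(SIP_CONF, EXTENSIONS_CONF)))
```

Entries in [internal] are not listed because nothing in the guest context includes it; setting allowguest=no empties the list.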



