[asterisk-dev] Security Request for discussion: Should sip.conf allowguest=yes be the default

Kaloyan Kovachev kkovachev at varna.net
Fri Nov 13 02:39:38 CST 2009


On Thu, 12 Nov 2009 20:00:44 +0000 (UTC), Jeff LaCoursiere wrote
> On Thu, 12 Nov 2009, Atis Lezdins wrote:
> 
> > On Thu, Nov 12, 2009 at 8:34 PM, Tzafrir Cohen <tzafrir.cohen at xorcom.com>
wrote:
> >>
> >> Please explain to me why exactly allowing guests is a bad thing. How can
> >> I allow people to call me from the internet? Create a local account for
> >> each and every one in my addressbook?
> >>
> >
> > How about creating context "guest" or "public", and setting it as
> > default in samples? That would make user to think much more before
> > adding some code there.
> >

That was exactly my suggestion here -
http://lists.digium.com/pipermail/asterisk-dev/2009-November/040571.html

demo is now included in default ... leave default with only invalid and
timeout instead and include the demo in unauthenticated_call and default in
both ... this is how i make my configs with s,i,t,T,h being the only
extensions in default and included everywhere

> 
> That sounds like the most reasonable suggestion yet.
> 
> j
> 
> _______________________________________________
> --Bandwidth and Colocation Provided by http://www.api-digital.com--
> 
> asterisk-dev mailing list
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-dev




More information about the asterisk-dev mailing list