[asterisk-dev] Security Request for discussion: Should sip.conf allowguest=yes be the default
Kai Hoerner
kai at ciphron.de
Fri Nov 13 04:33:42 CST 2009
Atis Lezdins schrieb:
> On Thu, Nov 12, 2009 at 8:34 PM, Tzafrir Cohen <tzafrir.cohen at xorcom.com> wrote:
>
>> Please explain to me why exactly allowing guests is a bad thing. How can
>> I allow people to call me from the internet? Create a local account for
>> each and every one in my addressbook?
>>
> How about creating context "guest" or "public", and setting it as
> default in samples? That would make user to think much more before
> adding some code there.
>
What we should keep in mind here is that all users/friends/accounts that
do not explicitly set "context" to another value will end up there, too.
If we allowguest=yes, unauthenticated calls will end up in the default
context _as well_ but it's not guaranteed only unauthenticated calls go
there.
For that reason i suggest another, more clear context name: "unconfigured"
More information about the asterisk-dev
mailing list