[asterisk-dev] Security Request for discussion: Should sip.conf allowguest=yes be the default
Tzafrir Cohen
tzafrir.cohen at xorcom.com
Fri Nov 13 05:55:21 CST 2009
On Fri, Nov 13, 2009 at 10:39:38AM +0200, Kaloyan Kovachev wrote:
> On Thu, 12 Nov 2009 20:00:44 +0000 (UTC), Jeff LaCoursiere wrote
> > On Thu, 12 Nov 2009, Atis Lezdins wrote:
> >
> > > On Thu, Nov 12, 2009 at 8:34 PM, Tzafrir Cohen <tzafrir.cohen at xorcom.com>
> wrote:
> > >>
> > >> Please explain to me why exactly allowing guests is a bad thing. How can
> > >> I allow people to call me from the internet? Create a local account for
> > >> each and every one in my addressbook?
> > >>
> > >
> > > How about creating context "guest" or "public", and setting it as
> > > default in samples? That would make user to think much more before
> > > adding some code there.
> > >
>
> That was exactly my suggestion here -
> http://lists.digium.com/pipermail/asterisk-dev/2009-November/040571.html
>
> demo is now included in default ... leave default with only invalid and
> timeout instead and include the demo in unauthenticated_call and default in
> both ... this is how i make my configs with s,i,t,T,h being the only
> extensions in default and included everywhere
What's insecure in the demo context?
Is it a problem that someone can make you relay a test IAX2 to Digium?
Leave a voicemail message?
--
Tzafrir Cohen
icq#16849755 jabber:tzafrir.cohen at xorcom.com
+972-50-7952406 mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com iax:guest at local.xorcom.com/tzafrir
More information about the asterisk-dev
mailing list