[asterisk-dev] Security Request for discussion: Should sip.conf allowguest=yes be the default

Kai Hoerner kai at ciphron.de
Mon Nov 16 02:18:43 CST 2009


Atis Lezdins wrote:
> On Thu, Nov 12, 2009 at 8:34 PM, Tzafrir Cohen <tzafrir.cohen at xorcom.com> wrote:
>   
>> Please explain to me why exactly allowing guests is a bad thing. How can
>> I allow people to call me from the internet? Create a local account for
>> each and every one in my addressbook?
>>     
> How about creating a context "guest" or "public", and setting it as
> default in samples? That would make the user think much more before
> adding some code there.

What we should keep in mind here is that all users/friends/accounts that
do not explicitly set "context" to another value will end up there, too.

If we allowguest=yes, unauthenticated calls will end up in the default
context _as well_ but it's not guaranteed only unauthenticated calls go
there.

For that reason I suggest another, clearer context name: "unconfigured"


-- 
CIPHRON GmbH
Tel.: (05 11) 51 51 33 - 0      Fax:          (05 11) 51 51 33 - 29
Web: http://www.ciphron.de/     Support:      (05 11) 51 51 33 - 11
Ust.Id.: DE263362886            Geschäftsführer:  Sebastian Horzela
                                 Amtsgericht Hannover,    HRB 203590
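
An audit sketch for the point made in this message, added here as an example and not part of the original post or of Asterisk: it lists the sip.conf peers that set no `context` of their own and therefore share the `[general]` context with unauthenticated callers. The sample configuration, the peer names and the function names are constructed; `#include` files are not followed, and any `allowguest` value other than `no` is treated as enabling guests.

```python
import re

# Constructed sample sip.conf for illustration (not from the original post).
SAMPLE = """\
[general]
context=unconfigured
allowguest=yes
[base](!)            ; template section
type=friend
[alice](base)
context=internal
[bob](base)          ; sets no context of its own
"""

SECTION = re.compile(r"^\[([^\]]+)\](?:\(([^)]*)\))?")

def parse(text):
    """Return {section: settings} with template inheritance resolved."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()      # drop ';' comments
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            opts = [o.strip() for o in (m.group(2) or "").split(",") if o.strip()]
            current = {}
            for parent in (o for o in opts if o != "!"):
                current.update(sections.get(parent, {}))   # copy template keys
            current["_template"] = "!" in opts
            sections[m.group(1)] = current
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)                # also accepts 'key => value'
            current[key.strip().lower()] = value.lstrip(">").strip()
    return sections

def shared_with_guests(text):
    """Return (guest context, guests allowed?, peers landing in that context)."""
    conf = parse(text)
    general = conf.get("general", {})
    guest_ctx = general.get("context", "default")
    guests_on = general.get("allowguest", "yes").lower() != "no"
    peers = sorted(name for name, s in conf.items()
                   if name != "general" and not s["_template"]
                   and s.get("context", guest_ctx) == guest_ctx)
    return guest_ctx, guests_on, peers

if __name__ == "__main__":
    print(shared_with_guests(SAMPLE))
```
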


