[Asterisk-Users] no plain text passwords in iax.conf
Adam Hart
adam at teragen.com.au
Mon Nov 29 17:35:50 MST 2004
Bastian Schern wrote:
> Adam Hart schrieb:
>
>> Bastian Schern wrote:
>>
>>> Hello Asterisk friends,
>>>
>>> is it possible to avoid plain text passwords in the iax.conf or the
>>> iaxfriends MySQL database table?
>>>
>>
>> Asterisk needs the plain text password to authenicate. You could wrap
>> a base64 decode when reading the passwords, but this is obsecurity,
>> yet simple to implement & should prevent the casual browser. I guess a
>> more secure method would public key crypto and give asterisk the key
>> at runtime (obviously not 100% secure either)
>
>
> I found out that MySQL offers some methods to store strong passwords:
> http://www.voip-info.org/wiki-Asterisk+sip+mysql+peers
>
> But how I use this with Asterisk?
>
That's using private key crypto, when you store the password you do
aes_encode(password,"somekey") then when asterisk reads it, do a
aes_decode(password,"somekey") - modify chan_iax2 when you do the select
- change the SQL statement: the column 'secret' to
'aes_decode(secret,"somekey") as real_secret' then below change secret
to real_secret.
good luck,
Adam
More information about the asterisk-users
mailing list