[asterisk-users] Is there a way to encrypt passwords stored in the realtime database?
SIP
sip at arcdiv.com
Wed Aug 20 13:42:13 CDT 2008
Igor Hernandez wrote:
> I was thinking the same thing I believe Tzafrir just alluded to. If the
> passwords are encrypted in the DB with a public key then...asterisk
> needs to have the private key stored somewhere to be able to decrypt the
> values to authenticate the user. In this way there is nothing preventing
> whoever intrudes your boxes from getting that key and decrypting the
> values himself.
>
> I might be missing something though and if thats the case chime in, I'm
> interested in this issue.
>
> Regards,
>
>
Absolutely. But if you can work it so that you have to key in the key
manually on startup, or store it on a removable flash drive and it
remains in memory during runtime, then you've achieved what you need.
Again... this is considerable complexity in the code -- not a simple
dialplan hack. BUT... it would add security.
I'm just tossing out ideas here.
N.
More information about the asterisk-users
mailing list