[asterisk-users] Is there a way to encrypt passwords stored in the realtime database?

Roderick A. Anderson raanders at acm.org
Wed Aug 20 13:52:04 CDT 2008


Igor Hernandez wrote:
> I was thinking the same thing I believe Tzafrir just alluded to. If the
> passwords are encrypted in the DB with a public key then...asterisk
> needs to have the private key stored somewhere to be able to decrypt the
> values to authenticate the user. In this way there is nothing preventing
> whoever intrudes your boxes from getting that key and decrypting the
> values himself.
> 
> I might be missing something though and if thats the case chime in, I'm
> interested in this issue.

Some of us place databases on separate systems so the cracker would have 
to break into two systems -- the database box and the Asterisk box.


Rod
-- 
> 
> Regards,
> 




More information about the asterisk-users mailing list