[asterisk-users] How to secure Configuration files

Tzafrir Cohen tzafrir.cohen at xorcom.com
Wed Jul 7 12:30:02 CDT 2010


On Wed, Jul 07, 2010 at 09:06:26AM -0700, Steve Edwards wrote:
> On Wed, 7 Jul 2010, Faisal Hanif wrote:
> 
> > 2nd option is by enabling execincludes=yes in asterisk.conf you can use 
> > #exec in any of asterisk conf file to call any external application and 
> > asterisk will use configuration returned by that external application 
> > and will treat it same as in static file. Here you again have full power 
> > of programming language in your hand.
> 
> Won't "show dialplan," "sip show [peers|users]," etc. and a bit of 
> scripting undo most of this "security"?

Yeah. I was about to suggest stupid things such as '#exec rot13 <realconffile'
and using realtime. But then again, Asterisk will eventually know. If
one has any reasonable control over asterisk, one can get the
information Asterisk knows.

Or alternatively, read the information in the same way Asterisk would
read it, and using the same credentials.

-- 
               Tzafrir Cohen
icq#16849755              jabber:tzafrir.cohen at xorcom.com
+972-50-7952406           mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com  iax:guest at local.xorcom.com/tzafrir
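
Added example, not part of the original message or of Asterisk itself: since anything Asterisk can read is also readable with Asterisk's credentials, a more useful check is who else can read or modify the configuration files and where `#exec` is in play. The sketch below audits a config directory for loose permissions, `#exec` directives, and `execincludes` being enabled; the sample files, the script path in them, and the simplified `;` comment handling are assumptions made for illustration.

```python
import os
import stat
import tempfile

def audit_conf_dir(conf_dir):
    """Return (file, finding) tuples for an Asterisk config directory."""
    findings = []
    for name in sorted(os.listdir(conf_dir)):
        path = os.path.join(conf_dir, name)
        if not (name.endswith(".conf") and os.path.isfile(path)):
            continue
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & stat.S_IROTH:
            findings.append((name, "world-readable"))
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((name, "writable by group or others"))
        with open(path, errors="replace") as fh:
            for raw in fh:
                # Simplification: treat every ';' as the start of a comment.
                line = raw.split(";", 1)[0].strip()
                if line.lower().startswith("#exec"):
                    findings.append((name, "#exec directive: " + line))
                key, _, value = line.partition("=")
                if (name == "asterisk.conf"
                        and key.strip().lower() == "execincludes"
                        and value.strip().lower() in ("yes", "true", "y", "t", "1", "on")):
                    findings.append((name, "execincludes enabled"))
    return findings

def build_sample(root):
    """Write constructed sample files (not taken from a real system)."""
    samples = {
        "asterisk.conf": ("[options]\nexecincludes = yes\n", 0o640),
        # /usr/local/bin/gen-peers is a hypothetical generator script.
        "sip.conf": ("[general]\n#exec /usr/local/bin/gen-peers ; generated peers\n", 0o644),
        "extensions.conf": ("[default]\nexten => 100,1,Answer()\n", 0o640),
    }
    for name, (text, mode) in samples.items():
        path = os.path.join(root, name)
        with open(path, "w") as fh:
            fh.write(text)
        os.chmod(path, mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for name, finding in audit_conf_dir(tmp):
            print(f"{name}: {finding}")
```

Any script named in an `#exec` line runs with Asterisk's privileges when the configuration is loaded, so its own ownership and write permissions deserve the same review as the `.conf` files.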


