[asterisk-users] How to secure Configuration files

Kevin P. Fleming kpfleming at digium.com
Wed Jul 7 14:58:05 CDT 2010


On 07/07/2010 10:52 AM, Tilghman Lesher wrote:
> On Wednesday 07 July 2010 05:24:10 A J Stiles wrote:
>> On Tuesday 06 Jul 2010, ABBAS SHAKEEL wrote:
>>> Hello Community,
>>>
>>> ..... I am facing an issue of security i.e.  We deploy
>>> servers to client end. Now i dont want the client to see my configuration
>>> files (Of course copy and distribute or replicate the logic with out
>>> permission).  [ 1 paragraph omitted ]
>>> Is there a way that the configuration files get encrypted or some thing
>>> else so that some one who have system access can not copy the
>>> configuration files data or look into that files.
>>
>> Well!  It's a good job Mark Spencer was never so mean-spirited, otherwise
>> you would never have been *given* the power of Asterisk.
> 
> In addition, depending upon how you do this, it may be a serious violation of
> the license under which Asterisk was distributed to you and under which you
> are required to distribute Asterisk to others.  If you are looking for a
> legitimate way to do this, you'd have to obtain a commercial license from
> Digium.

That statement will likely lead to yet more confusion about how the GPL
applies to Asterisk and distribution of Asterisk... without a specific
example of how a violation could occur, users will tend to interpret
such statements in the broadest possible terms, which does harm to their
understanding of how they can use and distribute Asterisk.

Since the poster's question was specifically about configuration files,
I see no connection between protecting them and any possible violation
of the GPLv2 license on Asterisk, except for the unlikely scenario of
the poster deciding to modify Asterisk to decrypt files as it reads
them... and even then, the license violation would only occur if they
failed to provide their customers the modified Asterisk code; keeping
the decryption keys private would not violate the GPLv2 at all.

How does obtaining a commercial license from Digium provide the poster a
'legitimate' way to secure his configuration files?

-- 
Kevin P. Fleming
Digium, Inc. | Director of Software Technologies
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
skype: kpfleming | jabber: kfleming at digium.com
Check us out at www.digium.com & www.asterisk.org



More information about the asterisk-users mailing list