[asterisk-users] How to secure Configuration files

ABBAS SHAKEEL shakeel.abbas.qau at gmail.com
Wed Jul 7 21:42:36 CDT 2010


Thanks community for sharing your thoughts.

@ Faisal Hanif-
Both of the solutions you suggested seem equally good to me; let me look
into how I can do that.

@Stiles
This has nothing to do with being mean-spirited. If an individual is using an
open source technology, does that mean that when he develops something using
that technology, his work also becomes open source?

@Steve

>Won't "show dialplan," "sip show [peers|users]," etc. and a bit of
>scripting undo most of this "security."

You are right; after taking all the measures, in the end there will be no
security :P

>Seriously, if your business depends on obfuscation instead of technical
>prowess and killer customer support, you don't have a business.

I understand what you mean. All these things will be there. Regarding
security, it was just a thought in my mind that I shared with all of you.

@Kevin P Fleming
Thanks for clearing things up.

@ all others thanks for sharing your thoughts

I am not going to modify any Asterisk source code for security (because this
trade-off is expensive)

Cheers

On Thu, Jul 8, 2010 at 1:44 AM, Kevin P. Fleming <kpfleming at digium.com> wrote:

> On 07/07/2010 03:33 PM, Tilghman Lesher wrote:
> > On Wednesday 07 July 2010 14:58:05 Kevin P. Fleming wrote:
> >> On 07/07/2010 10:52 AM, Tilghman Lesher wrote:
> >>> On Wednesday 07 July 2010 05:24:10 A J Stiles wrote:
> >>>> On Tuesday 06 Jul 2010, ABBAS SHAKEEL wrote:
> >>>>> Hello Community,
> >>>>>
> >>>>> ..... I am facing an issue of security i.e.  We deploy
> >>>>> servers to client end. Now I don't want the client to see my
> >>>>> configuration files (Of course copy and distribute or replicate the
> >>>>> logic without permission).  [ 1 paragraph omitted ]
> >>>>> Is there a way that the configuration files get encrypted or
> >>>>> something else so that someone who has system access can not copy
> >>>>> the configuration files data or look into those files.
> >>>>
> >>>> Well!  It's a good job Mark Spencer was never so mean-spirited,
> >>>> otherwise you would never have been *given* the power of Asterisk.
> >>>
> >>> In addition, depending upon how you do this, it may be a serious
> >>> violation of the license under which Asterisk was distributed to you
> >>> and under which you are required to distribute Asterisk to others.  If
> >>> you are looking for a legitimate way to do this, you'd have to obtain a
> >>> commercial license from Digium.
> >>
> >> That statement will likely lead to yet more confusion about how the GPL
> >> applies to Asterisk and distribution of Asterisk... without a specific
> >> example of how a violation could occur, users will tend to interpret
> >> such statements in the broadest possible terms, which does harm to their
> >> understanding of how they can use and distribute Asterisk.
> >
> > Correct, which is why I used the word 'may'.  The only way to
> > sufficiently protect the configuration files would be to alter Asterisk
> > and then refuse to provide the altered source to those to whom he
> > provided the binary.  That would be a violation of the GPL.  The only
> > method I can see to get around this would be to obtain Asterisk under a
> > non-GPL license.
>
> It would have been helpful if you had included that example then,
> instead of posting such a broad statement that will likely lead to
> misinterpretations when it is read from the list archives (and posted on
> wikis, and other places). When the 'may' qualifier represents a very
> small subset of the possible routes the user might take to achieve their
> goal (even if it is the only one to provide any significant level of
> security), the generalization will naturally be assumed by readers to
> cover many more routes than it actually does... and we have direct
> experience that users often can and do believe that the GPLv2 does
> somehow control the distribution of their configuration files. In
> situations like this, context is everything, and it's much easier to
> narrow the context of such a statement when it is written, than after it
> has been posted and repeated.
>
> --
> Kevin P. Fleming
> Digium, Inc. | Director of Software Technologies
> 445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
> skype: kpfleming | jabber: kfleming at digium.com
> Check us out at www.digium.com & www.asterisk.org



-- 
Best Regards
Shakeel Abbas