[asterisk-users] Hide the plain text password
A J Stiles
asterisk_list at earthshod.co.uk
Tue Feb 15 00:08:58 CST 2011
On Monday 14 Feb 2011, Jian Gao wrote:
> Now in my asterisk config files, there are lines like:
> secret=some_password_in_plain_text
>
> Is it possible to hide these plain text password?
Depending how you set your permissions, they are already effectively hidden
behind the machine's root password. If someone gets that then, my friend,
you have bigger things to worry about :)
Anyway, the answer is: No, it's mathematically impossible to do that. Even
if the passwords were stored encrypted, Asterisk itself has to be able to get
the plaintext passwords to send to the remote server; so the code to decrypt
them must necessarily be located on the machine. And the Source Code to
Asterisk is readily available, which is how come you were able to benefit
from it, so it would be trivial to extract the passwords in any case.
See also:
http://developer.pidgin.im/wiki/PlainTextPasswords
for an explanation of pretty much the same issue.
--
AJS
More information about the asterisk-users
mailing list