[asterisk-users] Hide the plain text password
Richard Kenner
kenner at gnat.com
Wed Feb 16 07:37:47 CST 2011
> > - The config file reader looks for strings of the form "{enc:<string>}:
> > and replaces them, before otherwise parsing the line, with the decrypted
> > version of the string using the key in the "master_key" file.
>
> This sounds pretty reasonable, except perhaps that you might only want
> to convert strings in password fields -- otherwise you risk false
> positives in e.g. the dial plan.
I think this works much better if it's purely lexical. Otherwise, you
have to teach the code what's a password and what's not and maintaning
that is an ongoing issue, so I think a cleaner design would be to pick
some string that's just not going to occur anywhere.
> I can recommend contracting with one of the indepedent Asterisk
> developers to get this done. You will likely find them on the
> Asterisk-biz-list.
I could easily do it myself if it were something that I personally needed
(except that I'm not sure if two-way encryption routines already exist
in Asterisk), but we don't have enough passwords for this to be an issue.
I was posting the design to address the issues raised by the person who
started the thread.
More information about the asterisk-users
mailing list