[asterisk-users] Is there a way to encrypt passwords stored in the realtime database?
SIP
sip at arcdiv.com
Wed Aug 20 13:20:50 CDT 2008
Tzafrir Cohen wrote:
> On Wed, Aug 20, 2008 at 10:00:55AM -0700, Eric Chamberlain wrote:
>
>> We are exploring using Asterisk for a project and we are looking for a
>> way to encrypt/decrypt the peer passwords stored in the realtime
>> database (postrges).
>>
>> Ideally, we want to use a public key to encrypt the passwords before
>> they go into the database and have Asterisk use a private key to
>> decrypt the password as part of the call out process.
>>
>> Has anyone developed something like this?
>>
>
> What is the point in that? What threats does it help you to mitigate?
>
>
It helps you mitigate an incredible amount of headache if someone hacks
in and gains access to your DB. The user accounts are still rather
secure -- at least long enough to inform your users to change their
passwords.
And yes... you could just say, "Don't let that happen. Use better
security on the system." However, that's not 100% effective, and most
hacks are done by disgruntled former employees who had legitimate access
to the system in the first place. As long as it CAN be done without
drastically affecting performance and/or user experience, any extra
security is a Good Thing.
N.
More information about the asterisk-users
mailing list