[asterisk-users] Is there a way to encrypt passwords stored in the realtime database?
Roderick A. Anderson
raanders at acm.org
Wed Aug 20 13:52:04 CDT 2008
Igor Hernandez wrote:
> I was thinking the same thing I believe Tzafrir just alluded to. If the
> passwords are encrypted in the DB with a public key then...asterisk
> needs to have the private key stored somewhere to be able to decrypt the
> values to authenticate the user. In this way there is nothing preventing
> whoever intrudes your boxes from getting that key and decrypting the
> values himself.
>
> I might be missing something though and if thats the case chime in, I'm
> interested in this issue.
Some of us place databases on separate systems so the cracker would have
to break into two systems -- the database box and the Asterisk box.
Rod
--
>
> Regards,
>
More information about the asterisk-users
mailing list