[asterisk-users] How to secure Configuration files
Gordon Henderson
gordon+asterisk at drogon.net
Tue Jul 6 07:21:03 CDT 2010
On Tue, 6 Jul 2010, ABBAS SHAKEEL wrote:
> Hello Community,
>
> I have a question , I have been working with asterisk and developed some
> successful applications. I am facing an issue of security i.e. We deploy
> servers to client end. Now i dont want the client to see my configuration
> files (Of course copy and distribute or replicate the logic with out
> permission).
>
> Now the configuration files are stored in /etc/asterisk/* (Of course we can
> specify a different location but at end we specify this in a configuration
> file).
>
> Is there a way that the configuration files get encrypted or some thing else
> so that some one who have system access can not copy the configuration files
> data or look into that files.
The simple answer is that you can't prevent anyone copying it if they have
physical access.
All you can do is make it hard.
If you wanted to encrypt them, you'd need to alter asterisk.
You could use something like trucrypt, or another whole disk encryption
technology, but that'll require someone typing in a password at boot time
making unattended reboots impossible.
Another way which I have seen is to do away with the dialplan entirely and
do it all in a single big compiled AGI C program. (Ok, you have minimal
dialplan to pump everything into it, but...) and don't distribute the
source to the C program...
You need to work out just what it's worth to you if someone does copy it.
Realistically, what's your target audience? Are your clients the sort of
people likely to copy and and sell it on? For most businesses, I'd guess
not.
Gordon
More information about the asterisk-users
mailing list