[asterisk-users] How to secure Configuration files
Hans Witvliet
hwit at a-domani.nl
Wed Jul 7 14:44:12 CDT 2010
On Wed, 2010-07-07 at 09:06 -0700, Steve Edwards wrote:
> On Wed, 7 Jul 2010, Faisal Hanif wrote:
>
> > 2nd option is by enabling execincludes=yes in asterisk.conf you can use
> > #exec in any of asterisk conf file to call any external application and
> > asterisk will use configuration returned by that external application
> > and will treat it same as in static file. Here you again have full power
> > of programming language in you hand.
>
> Won't "show dialplan," "sip show [peers|users]," etc. and a bit of
> scripting undo most of this "security."
>
hence my comment that storing sensative info into a database/directory
isn;t enough.
Physical protection and the usual bunch of normal ssystem protection
should ofcourse be seriously observed
More information about the asterisk-users
mailing list