[asterisk-users] How to secure Configuration files

Danny Nicholas danny at debsinc.com
Wed Jul 7 15:15:45 CDT 2010



-----Original Message-----
From: asterisk-users-bounces at lists.digium.com
[mailto:asterisk-users-bounces at lists.digium.com] On Behalf Of Kevin P.
Fleming
Sent: Wednesday, July 07, 2010 2:58 PM
To: asterisk-users at lists.digium.com
Subject: Re: [asterisk-users] How to secure Configuration files

On 07/07/2010 10:52 AM, Tilghman Lesher wrote:
> On Wednesday 07 July 2010 05:24:10 A J Stiles wrote:
>> On Tuesday 06 Jul 2010, ABBAS SHAKEEL wrote:
>>> Hello Community,
>>>
>>> ..... I am facing an issue of security i.e.  We deploy
>>> servers to client end. Now i dont want the client to see my
configuration
>>> files (Of course copy and distribute or replicate the logic with out
>>> permission).  [ 1 paragraph omitted ]
>>> Is there a way that the configuration files get encrypted or some thing
>>> else so that some one who have system access can not copy the
>>> configuration files data or look into that files.
>>
>> Well!  It's a good job Mark Spencer was never so mean-spirited, otherwise
>> you would never have been *given* the power of Asterisk.
> 
> In addition, depending upon how you do this, it may be a serious violation
of
> the license under which Asterisk was distributed to you and under which
you
> are required to distribute Asterisk to others.  If you are looking for a
> legitimate way to do this, you'd have to obtain a commercial license from
> Digium.

That statement will likely lead to yet more confusion about how the GPL
applies to Asterisk and distribution of Asterisk... without a specific
example of how a violation could occur, users will tend to interpret
such statements in the broadest possible terms, which does harm to their
understanding of how they can use and distribute Asterisk.

Since the poster's question was specifically about configuration files,
I see no connection between protecting them and any possible violation
of the GPLv2 license on Asterisk, except for the unlikely scenario of
the poster deciding to modify Asterisk to decrypt files as it reads
them... and even then, the license violation would only occur if they
failed to provide their customers the modified Asterisk code; keeping
the decryption keys private would not violate the GPLv2 at all.

How does obtaining a commercial license from Digium provide the poster a
'legitimate' way to secure his configuration files?

-- 
Kevin P. Fleming
Digium, Inc. | Director of Software Technologies
445 Jan Davis Drive NW - Huntsville, AL 35806 - USA
skype: kpfleming | jabber: kfleming at digium.com
Check us out at www.digium.com & www.asterisk.org

-- 
--
Ok.  I've been reading this thread all day;  This seems (to me) to be the
"Best of Both worlds" solution - enable the #exec option in asterisk.conf
and have each .conf call a compiled C program to populate the actual
content.  This protects the OP's work to the degree allowed and lets the
next guy have a starting point when the bus hits him.
 _____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
               http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users




More information about the asterisk-users mailing list