On Wed, 11 Mar 2009, Remco Barendse wrote: > While this may all be true and valid, obviously there is already an > authentication scheme implemented in Asterisk checking username and > password. > > If it is difficult to implement what i suggested with all the options and > configurable settings, why not implement it in a more simple form? > > Despite of all the arguments on other things we could do, why not increase > the level of security in Asterisk if there is a possibility to do so?
The problem is that Asterisk is not insecure, it is the configuration that makes it insecure. Short, non-random passwords are the problem here. --------------------------------------------------------------------------- Peter Beckman Internet Guy [email protected] http://www.angryox.com/ --------------------------------------------------------------------------- _______________________________________________ --Bandwidth and Colocation Provided by http://www.api-digital.com-- asterisk-biz mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-biz
