On Wed, Oct 22, 2003 at 02:24:57PM +0100, WipeOut wrote: > >> Here is another thought that I haven't heard mentioned... > >> > >> How about changing the TFTP upgrade in favour of HTTP upgrades and > >> config file retrieval.. I am sure almost everyone has an HTTP server > >> available to them but I doubt many have a TFTP server available.. I > >> think this would help many people.. If you agree reply.. :) > > > Virtually every linux distribution I know of has TFTP as part of the > > distribution, or is easily available as an add on. It is trivial to > > set up, has very low overhead and a small footprint. > > > I still think HTTP is a better option.. There is far more control > available in terms of securing it especially when the description of the > package says " TFTP provides very little security, and should not be > enabled unless it is expressly needed.".. >
right, adding HTTPS and HTTP to the boot loader would cause that to inflate and possibly be to big to deal with. so enable tftp and put a couple of ipfw statements on the box to limit who can tftp from/to you. when tftp says it provides little security, that should really say tftp provides little to no authentication, ie it doesn't ask for a uid/pwd. http is a bad idea imho. I don't want to have to carry around a web server on my laptop, or have to have my customers config a web server to deal with updating their phone. _______________________________________________ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users
