Thanks for the response Tzafrir. I meant voicemail.conf for the passwords of course - my mistake. Trying to ensure that if voicemail.conf is opened by an attacker that all the passwords are not readily available. By hashing them or encrypting them in a DB it's going to be much harder for an attacker to obtain access to the passwords.
The only way to encrypt the sending of passwords to the voicemail is by using SIP-TLS? (which is not yet in production stage?). Thanks Jez --- Tzafrir Cohen <[EMAIL PROTECTED]> wrote: > On Fri, Nov 24, 2006 at 06:15:12AM -0800, jezzzz . > wrote: > > Hello all, > > > > I was wondering whether the only way to store the > > passwords for the voicemail is in extensions.conf. > > > voicemail.conf ? > > > Is > > it perhaps possible to store it (encrypted) in a > DB or > > store the hash of the password (as is standard in > > unix) in the extensions.conf file? > > Storing an encrypted DB? Encrypted in what way? What > exactly do you want > to defend against? > > > > > Finally, it does not seem to me that the password > the > > user enters to obtain his voicemail is encrypted > > between the user and Asterisk. Is this correct? > > Basically, not. > > -- > Tzafrir Cohen ____________________________________________________________________________________ Cheap talk? Check out Yahoo! Messenger's low PC-to-Phone call rates. http://voice.yahoo.com _______________________________________________ --Bandwidth and Colocation provided by Easynews.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
