Igor Hernandez wrote: > I was thinking the same thing I believe Tzafrir just alluded to. If the > passwords are encrypted in the DB with a public key then...asterisk > needs to have the private key stored somewhere to be able to decrypt the > values to authenticate the user. In this way there is nothing preventing > whoever intrudes your boxes from getting that key and decrypting the > values himself. > > I might be missing something though and if thats the case chime in, I'm > interested in this issue. > > Regards, > > Absolutely. But if you can work it so that you have to key in the key manually on startup, or store it on a removable flash drive and it remains in memory during runtime, then you've achieved what you need. Again... this is considerable complexity in the code -- not a simple dialplan hack. BUT... it would add security.
I'm just tossing out ideas here. N. _______________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- AstriCon 2008 - September 22 - 25 Phoenix, Arizona Register Now: http://www.astricon.net asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
