Igor Hernandez wrote: > I was thinking the same thing I believe Tzafrir just alluded to. If the > passwords are encrypted in the DB with a public key then...asterisk > needs to have the private key stored somewhere to be able to decrypt the > values to authenticate the user. In this way there is nothing preventing > whoever intrudes your boxes from getting that key and decrypting the > values himself. > > I might be missing something though and if thats the case chime in, I'm > interested in this issue.
Some of us place databases on separate systems so the cracker would have to break into two systems -- the database box and the Asterisk box. Rod -- > > Regards, > _______________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- AstriCon 2008 - September 22 - 25 Phoenix, Arizona Register Now: http://www.astricon.net asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users