Hi,

As per my findings, you can have two possible solutions to the mentioned problem:

The 1st is to use realtime curl for all configuration. In this case Asterisk will hit your configured URLs to read all configuration. You can run a web server on the same or any machine and can use any CGI in Perl, PHP, C, Java or any other web language to respond to the URL. You will have the full power of a programming language and you can do what you want; it just needs coding.

The 2nd option: by enabling execincludes=yes in asterisk.conf you can use #exec in any Asterisk conf file to call any external application, and Asterisk will use the configuration returned by that external application and treat it the same as a static file. Here you again have the full power of a programming language in your hand.

Regards,

Faisal Hanif

On 7/7/2010 1:08 PM, Hans Witvliet wrote:
On Wed, 2010-07-07 at 12:12 +0600, ABBAS SHAKEEL wrote:
Thanks to Gordon and Paul for kind help.

Actually we have a limitation to place the Asterisk server in client premises; if the server is in their premises then this means they have full control over it.

Hard disk encryption seems a good option but no automated boot is a big issue :(

Is there something possible like that?

On Tue, Jul 6, 2010 at 5:21 PM, Gordon Henderson <gordon+aster...@drogon.net> wrote:

         On Tue, 6 Jul 2010, ABBAS SHAKEEL wrote:

         > Hello Community,
         >
         > I have a question. I have been working with Asterisk and developed some
         > successful applications. I am facing an issue of security, i.e. we deploy
         > servers to the client end. Now I don't want the client to see my configuration
         > files (of course copy and distribute or replicate the logic without
         > permission).
         >
         > Now the configuration files are stored in /etc/asterisk/* (of course we can
         > specify a different location but at the end we specify this in a configuration
         > file).
         >
         > Is there a way that the configuration files get encrypted or something else
         > so that someone who has system access cannot copy the configuration files'
         > data or look into those files?


         The simple answer is that you can't prevent anyone copying it if they have
         physical access.

         All you can do is make it hard.

         If you wanted to encrypt them, you'd need to alter Asterisk.

         You could use something like TrueCrypt, or another whole disk encryption
         technology, but that'll require someone typing in a password at boot time,
         making unattended reboots impossible.

         Another way which I have seen is to do away with the dialplan entirely and
         do it all in a single big compiled AGI C program. (OK, you have minimal
         dialplan to pump everything into it, but...) and don't distribute the
         source to the C program...

         You need to work out just what it's worth to you if someone does copy it.
         Realistically, what's your target audience? Are your clients the sort of
         people likely to copy and sell it on? For most businesses, I'd guess
         not.

         Gordon
Before you embark on this way....
Any disk encryption is of no use as long as it remains decrypted while
the server is running...
It only protects you against snooping eyes in case your hardware is
stolen (most likely: laptops, USB media)

If you want to be 100% sure against unauthorized access to your data, you
might want to use two-factor authentication. But the fact that you have
to use a smartcard/token AND a passphrase implies that you cannot
restart your machine/Asterisk without being physically there.
[I mean, you might be creating your own denial of service]

If you just want to protect your Asterisk machine against prying eyes, I
would suggest putting all of your config (sip, iax, dialplan) into a
database (on another machine of course) and using an encrypted connection
(636, ldaps) to access it. It will protect you against data theft if your
machine is stolen. But that person might still be able to access the
Asterisk console _before he nicks the system_ and do a "sip show peers"
and obtain your info in that way....

So you better consider what you want to protect, against whom, and at
what acceptable costs....

Security is a tricky business. It's easy to spend vast amounts of time
and money and not get any additional security ;-)

hw
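
The `#exec` option from the reply at the top of this thread, sketched as an added example (not code from any poster or from the Asterisk project): a helper that Asterisk runs at config load to pull dialplan text over HTTPS and print it. The URL, the script path and the function names are assumptions.

```python
#!/usr/bin/env python3
"""Helper for Asterisk's #exec (added example; URL and paths are hypothetical).

asterisk.conf:    [options]
                  execincludes = yes
extensions.conf:  #exec /usr/local/sbin/fetch_dialplan.py
"""
import os
import stat
import sys
import urllib.request

CONFIG_URL = "https://config.example.invalid/dialplan"  # hypothetical endpoint


def helper_is_safe(path):
    """#exec runs this file as the Asterisk user; refuse if group/other can edit it."""
    mode = os.stat(path).st_mode
    return not mode & (stat.S_IWGRP | stat.S_IWOTH)


def reject_directives(text):
    """Fetched text must be plain config: no '#exec' / '#include' lines of its own."""
    for number, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            raise ValueError(f"line {number}: directive not allowed in fetched config")
    return text


def fetch(url, timeout=5):
    """Download config text; https only, so urllib verifies the server certificate."""
    if not url.startswith("https://"):
        raise ValueError("refusing non-TLS config URL")
    with urllib.request.urlopen(url, timeout=timeout) as response:
        return response.read().decode("utf-8")


def main():
    if not helper_is_safe(os.path.abspath(__file__)):
        sys.exit("helper is writable by group/other; not emitting config")
    try:
        sys.stdout.write(reject_directives(fetch(CONFIG_URL)))
    except (OSError, ValueError) as error:
        # Fail closed: nothing on stdout, reason on stderr, non-zero exit status.
        sys.exit(f"config fetch failed: {error}")


if __name__ == "__main__":
    main()
```

The dialplan fetched this way is still held by the running Asterisk, so the console caveat in the quoted message above applies to it as well.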

