Thanks community for sharing your thoughts. @ Faisal Hanif- Both of the solutions you suggested seems equally good for me let me look into it how can i do that.
@Stiles This has nothing to do with mean spirited. If an individual is using an open source technology then it don't means that he developed some thing using that technology , then his work also becomes open source ? @Steve >Won't "show dialplan," "sip show [peers|users]," etc. and a bit of >scripting undo most of this "security." You are right after taking all the measures at the end there will be no security :P >Seriously, if your business depends on obfuscation instead of technical >prowess and killer customer support, you don't have a business. I understand what you mean. These all things will be there. Regarding security it was just a thought in my mind i shared with you all people. @Kevin P Fleming Thanks for clearing the things. @ all others thanks for sharing your thoughts I am not going to modify any Asterisk source code for security (because this trade-off is expensive) Cheers On Thu, Jul 8, 2010 at 1:44 AM, Kevin P. Fleming <kpflem...@digium.com>wrote: > On 07/07/2010 03:33 PM, Tilghman Lesher wrote: > > On Wednesday 07 July 2010 14:58:05 Kevin P. Fleming wrote: > >> On 07/07/2010 10:52 AM, Tilghman Lesher wrote: > >>> On Wednesday 07 July 2010 05:24:10 A J Stiles wrote: > >>>> On Tuesday 06 Jul 2010, ABBAS SHAKEEL wrote: > >>>>> Hello Community, > >>>>> > >>>>> ..... I am facing an issue of security i.e. We deploy > >>>>> servers to client end. Now i dont want the client to see my > >>>>> configuration files (Of course copy and distribute or replicate the > >>>>> logic with out permission). [ 1 paragraph omitted ] > >>>>> Is there a way that the configuration files get encrypted or some > thing > >>>>> else so that some one who have system access can not copy the > >>>>> configuration files data or look into that files. > >>>> > >>>> Well! It's a good job Mark Spencer was never so mean-spirited, > >>>> otherwise you would never have been *given* the power of Asterisk. > >>> > >>> In addition, depending upon how you do this, it may be a serious > >>> violation of the license under which Asterisk was distributed to you > and > >>> under which you are required to distribute Asterisk to others. If you > >>> are looking for a legitimate way to do this, you'd have to obtain a > >>> commercial license from Digium. > >> > >> That statement will likely lead to yet more confusion about how the GPL > >> applies to Asterisk and distribution of Asterisk... without a specific > >> example of how a violation could occur, users will tend to interpret > >> such statements in the broadest possible terms, which does harm to their > >> understanding of how they can use and distribute Asterisk. > > > > Correct, which is why I used the word 'may'. The only way to > sufficiently > > protect the configuration files would be to alter Asterisk and then > refuse > > to provide the altered source to those to whom he provided the binary. > > That would be a violation of the GPL. The only method I can see to get > > around this would be to obtain Asterisk under a non-GPL license. > > It would have been helpful if you had included that example then, > instead of posting such a broad statement that will likely lead to > misinterpretations when it is read from the list archives (and posted on > wikis, and other places). When the 'may' qualifier represents a very > small subset of the possible routes the user might take to achieve their > goal (even if it is the only one to provide any significant level of > security), the generalization will naturally be assumed by readers to > cover many more routes than it actually does... and we have direct > experience that users often can and do believe that the GPLv2 does > somehow control the distribution of their configuration files. In > situations like this, context is everything, and it's much easier to > narrow the context of such a statement when it is written, than after it > has been posted and repeated. > > -- > Kevin P. Fleming > Digium, Inc. | Director of Software Technologies > 445 Jan Davis Drive NW - Huntsville, AL 35806 - USA > skype: kpfleming | jabber: kflem...@digium.com > Check us out at www.digium.com & www.asterisk.org > > -- > _____________________________________________________________________ > -- Bandwidth and Colocation Provided by http://www.api-digital.com -- > New to Asterisk? Join us for a live introductory webinar every Thurs: > http://www.asterisk.org/hello > > asterisk-users mailing list > To UNSUBSCRIBE or update options visit: > http://lists.digium.com/mailman/listinfo/asterisk-users > -- Best Regards Shakeel Abbas
-- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
