On Tue, Feb 15, 2011 at 07:54:54AM -0500, Richard Kenner wrote:
> > Right. But it really won't help much (except complicating things) if the
> > user has decent access to Asterisk.
>
> Yes, but we're talking about cases where the "user" *doesn't* have access
> to Asterisk. At many locations, including mine, Asterisk runs on a
> machine dedicated for that purpose and only people administering it have
> access to that machine. But config files are placed in a CM system which
> MANY more people have access to. Having plaintext passwords in those
> files is a real problem.
In this case:
#include the password (a file the line 'secret=') from a local file on
the file system. The user has no access to it, right?
It might as well be a database, a remote URL (CURL), an output of a
script (#exec). Whichever works best for you.
One test for you to consider: are the users able to use the "encrypted"
configuration item in a different Asterisk system (without your
concent)?
--
Tzafrir Cohen
icq#16849755 jabber:[email protected]
+972-50-7952406 mailto:[email protected]
http://www.xorcom.com iax:[email protected]/tzafrir
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users
