On Fri, Feb 25, 2005 at 04:43:50PM -0000, C. Tomlinson wrote:
> Hi,
>
> Thanks for the batchfile type, it's a handy one.
>
> I'm not editing over the internet, just local LAN for testing ATM. Protected
> via firewall.
>
> Would it not be fairly secure using a combination of the following:
> .htaccess file
> VPN?
> https access?
> Limit apache to only allow certain IP's?
> And the public keys thing.

Secure against what? What are the threats you consider?

VPN and/or limit of IP addresses (in iptables or in apache's config)
would serve to allow access only from certain addresses. But is this a
realistic limitation? I thought you wanted to be able to edit the
configuration from various hosts. If this is only your setup, then an
sftp-based setup is probably more convenient.

Using a .htaccess file (or even better: an apache config snippet in
/etc/apache/conf.d) you can force authentication to get to this
directory. But then again, you empower the apache user (www-data) to
configure and control asterisk, and thus if anybody manages to make your
web server execute an arbitrary script (e.g: can write to a .php file
under the wwwroot) they can make asterisk execute arbitrary code as well.

The chmod command makes Asterisk's configuration world-writable. So
anybody with temporary write access to your system can again change
asterisk's configuration. This breaks a general sanity assumption that
only system users can write to the configuration. As a rule of thumb such
a chmod should generally be replaced by adding a certain user to a
certain group.

You also change the permissions to the asterisk reload script to 777.
Why does it need to be world-writable? This gives an attacker yet another
place to inject executable code.

In short: I still fail to see the advantages of using phpconfig in your
settings.

-- 
Tzafrir Cohen         | New signature for new address and |  VIM is
http://tzafrir.org.il | new homepage                       |  a Mutt's
[EMAIL PROTECTED]     |                                    |  best
ICQ# 16849755         | Space reserved for other protocols |  friend
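
The "group instead of chmod" rule of thumb from the message above, as an added example that is not part of the original thread: one function lists world-writable entries, the other replaces world write with group write on directories and *.conf files only. The directory layout, file names and function names are constructed for illustration, and the current user's primary group stands in for a dedicated group.

```shell
#!/bin/sh
# Added example. Tree, file names and function names are constructed.
# On a real host the web server account (www-data in the message above)
# would be put in the chosen group with: usermod -a -G <group> www-data
# Members of that group can still rewrite the configuration, so keep it small.

# Print every non-symlink entry under $1 that any local user may write to.
list_world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Swap "everyone may write" for "members of group $2 may write" under $1.
# Only directories and *.conf files get group write; scripts such as a
# reload helper end up writable by their owner alone.
restrict_to_group() {
    chgrp -R "$2" "$1" || return 1
    chmod -R go-w "$1" || return 1
    find "$1" \( -type d -o -name '*.conf' \) -exec chmod g+w {} +
    # setgid on directories: files created later inherit the group.
    find "$1" -type d -exec chmod g+s {} +
}

# Build a constructed tree with the permissions criticised above, then fix it.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/conf"
    echo '[general]' > "$tmp/conf/extensions.conf"
    printf '#!/bin/sh\n' > "$tmp/reload.sh"
    chmod 666 "$tmp/conf/extensions.conf"
    chmod 777 "$tmp/reload.sh" "$tmp/conf"
    before=$(list_world_writable "$tmp" | wc -l)
    # Numeric primary GID of the caller stands in for a dedicated group.
    restrict_to_group "$tmp" "$(id -g)"
    after=$(list_world_writable "$tmp" | wc -l)
    echo "world-writable entries: before=$before after=$after"
    rm -rf "$tmp"
}

demo
```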
