Bob wrote: > > A hacker can always construct SIP messages to get at the > data anyway, > > so there is no point trying to secure against that. > > That's a bit of an overstatement. If one does not have > direct access to a phone to be monitored then it should be > possible put proper barriers in sipXecs to truly prevent > unprivileged users from monitoring others. But I agree that > as a first step, locking down the GUI is the way to go.
True. I will restate. A hacker with direct access to a phone and/or valid user credentials can always get to the information anyway. Without the "direct phone access" route secured, there is very little benefit in limiting what someone with valid user credentials can access. -Paul [email protected] _______________________________________________ sipx-dev mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-dev Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-dev sipXecs IP PBX -- http://www.sipfoundry.org/
