Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 8bit Organization: SipXecs Forum In-Reply-To: <CAAHujP7Y+4jsuNFAFC00SSJb5TwwsezXJjZNFR=aep8vpvx...@mail.gmail.com> X-FUDforum: 08063afcdd00a6e76393c5b9527381e8 <63899> Message-ID: <[email protected]>
Michael Picher wrote on Fri, 07 October 2011 04:55 > IMHO, only if it is settable in the Admin GUI. What is > wrong with giving > the admin a choice as to how they want their system > setup? > > Just because you want it at 4 doesn't mean somebody > isn't trying to replace > another system that allowed for 3. > > I don't disagree that more security is good. But at > least allow somebody to > slit their own throat. Set your defaults where they are > reasonable but > allow them to be changed. This doesn't seem hard (to > me, but I'm not a > programmer either). if the user password is too easy, hackers can use it to make free phone calls. they can log in, set forward, and dial in from pstn, so this isn't just a matter of a luser not protecting their voicemails. this is an admin/ toll fraud issue. also, it would be best (best practices) if the web user password was different then the voicemail pin code. that way, you can enforce HIPAA/GLBA/ EU privacy requirements on account access, but give the luser a simpler voicemail pin code. -- -- Michael Scheidell, CTO SECNAP Network Security Corp _______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users/
