then you would also need to address the CounterPath provisioning aspect, since it provides your config/access via pin. On Oct 10, 2011 7:06 AM, "Michael Scheidell" <[email protected]> wrote:
> > Content-Type: text/plain; > charset="utf-8" > Content-Transfer-Encoding: 8bit > Organization: SipXecs Forum > In-Reply-To: <CAAHujP7Y+4jsuNFAFC00SSJb5TwwsezXJjZNFR= > [email protected]> > X-FUDforum: 08063afcdd00a6e76393c5b9527381e8 <63899> > Message-ID: <[email protected]> > > > > Michael Picher wrote on Fri, 07 October 2011 04:55 > > IMHO, only if it is settable in the Admin GUI. What is > > wrong with giving > > the admin a choice as to how they want their system > > setup? > > > > Just because you want it at 4 doesn't mean somebody > > isn't trying to replace > > another system that allowed for 3. > > > > I don't disagree that more security is good. But at > > least allow somebody to > > slit their own throat. Set your defaults where they are > > reasonable but > > allow them to be changed. This doesn't seem hard (to > > me, but I'm not a > > programmer either). > > > if the user password is too easy, hackers can use it to make > free phone calls. they can log in, set forward, and dial in > from pstn, so this isn't just a matter of a luser not > protecting their voicemails. this is an admin/ toll fraud > issue. > > also, it would be best (best practices) if the web user > password was different then the voicemail pin code. > > that way, you can enforce HIPAA/GLBA/ EU privacy > requirements on account access, but give the luser a simpler > voicemail pin code. > > -- > -- > Michael Scheidell, CTO > SECNAP Network Security Corp > _______________________________________________ > sipx-users mailing list > [email protected] > List Archive: http://list.sipfoundry.org/archive/sipx-users/ >
_______________________________________________ sipx-users mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-users/
