Hi, John! 1. No, it is not taken care by the module internally.
2. opensipsctl is run only locally, so I don't think you have to worry about that. On the other side, mi_datagram communicates plain-text over the internet, so I understand your worries. However, there's not that much you can do on the application side. The only thing that I can think of is to guide that traffic throug a VPN tunnel.
3. This depends on the command you are running. You can run opensips as a non-priviledged user and still run exec, as long as that user has execute rights on the script/binary you are executing.
Best regards, Răzvan Crainea OpenSIPS Core Developer http://www.opensips-solutions.com On 11/23/2015 06:04 AM, John Nash wrote:
I have couple of things i need your valuable inputs I have already seen some articles and slides but some questions remain... 1- AVP db queries do we need to escape parameters or its taken care of by module internally. 2- How can I secure opensipsctl and mi_datagram as that is gateway to my opensips. 3- I need to use exec module to run some opensipsctl commands, If I understand correctly, if i am running opensips as root someone can run any command on my box?...On the other hand if I run opensips on some non privileged user can I still run exec? _______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users
_______________________________________________ Users mailing list [email protected] http://lists.opensips.org/cgi-bin/mailman/listinfo/users
