Hello Asterisk friends,

is it possible to avoid plain text passwords in the iax.conf or the
iaxfriends MySQL database table?

Regards
Bastian

Bastian Schern wrote:
> Hello Asterisk friends,
>
> is it possible to avoid plain text passwords in the iax.conf or the
> iaxfriends MySQL database table?
>

Asterisk needs the plain text password to authenticate. You could wrap a
base64 decode when reading the passwords, but this is obscurity, yet
simple to implement & should prevent the casual browser. I guess a more
secure method would be public key crypto and give asterisk the key at
runtime (obviously not 100% secure either)

-Adam

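Why the server needs a recoverable secret, as an added example that is not part of the original thread: it assumes the IAX2 MD5 method, where the response is the MD5 digest of the challenge followed by the shared secret. The secret value and the function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
import secrets


def md5_response(challenge: str, secret: str) -> str:
    """Client side: hex MD5 over the challenge followed by the shared secret."""
    return hashlib.md5((challenge + secret).encode()).hexdigest()


def server_verify(challenge: str, response: str, stored_secret: str) -> bool:
    """Server side: recompute the digest from its own copy of the secret."""
    expected = md5_response(challenge, stored_secret)
    return hmac.compare_digest(expected, response)


def demo() -> dict:
    secret = "s3cret-constructed"              # constructed sample value
    challenge = str(secrets.randbelow(10**9))  # fresh challenge per attempt
    response = md5_response(challenge, secret)

    # 1) Server keeps the plain text secret: verification works.
    plain_ok = server_verify(challenge, response, secret)

    # 2) Server keeps only a one-way hash of the secret: it cannot rebuild
    #    MD5(challenge + secret), so a correct client is rejected.
    stored_hash = hashlib.sha256(secret.encode()).hexdigest()
    hashed_ok = server_verify(challenge, response, stored_hash)

    # 3) base64 in the config: works only because anyone who can read the
    #    file can reverse it. It is an encoding, not protection.
    stored_b64 = base64.b64encode(secret.encode()).decode()
    recovered = base64.b64decode(stored_b64).decode()
    b64_ok = server_verify(challenge, response, recovered)

    return {"plain": plain_ok, "hashed": hashed_ok,
            "base64": b64_ok, "recovered": recovered}


if __name__ == "__main__":
    print(demo())
```
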
Adam Hart wrote:
> Bastian Schern wrote:
>
>> Hello Asterisk friends,
>>
>> is it possible to avoid plain text passwords in the iax.conf or the
>> iaxfriends MySQL database table?
>>
>
> Asterisk needs the plain text password to authenticate. You could wrap a
> base64 decode when reading the passwords, but this is obscurity, yet
> simple to implement & should prevent the casual browser. I guess a more
> secure method would be public key crypto and give asterisk the key at
> runtime (obviously not 100% secure either)

I found out that MySQL offers some methods to store strong passwords:
http://www.voip-info.org/wiki-Asterisk+sip+mysql+peers

But how do I use this with Asterisk?

Bastian

Interesting question, and important, as passwords are scattered around
everywhere in Asterisk. A central user credentials database is needed, so
that a user can connect any which way (SIP, H323, IAX, MGCP, etc.) and use
the same set of credentials. I have a prototype implementation coded for
SIP, but it will take more time (unless there is some real $$$ incentive;
any commercial providers willing to do something here?).

In addition to central management, these credentials must not get copied
around in memory as they are currently. There are some real infrastructure
changes needed in the channels, which would enhance security as well as
performance.

Other than that, one could probably encrypt/decrypt passwords when needed,
particularly when they come out of a database; most of these solutions are
probably more or less hacks.

Bastian Schern wrote:
> Hello Asterisk friends,
>
> is it possible to avoid plain text passwords in the iax.conf or the
> iaxfriends MySQL database table?
>
> Regards
> Bastian