thr3ads.net - asterisk users - [asterisk-users] Encrypting passwords in config files [Aug 2018]

If this information is useful, please help other people find it:
Share via:

Floimair Florian

2018-Aug-16 13:08 UTC

[asterisk-users] Encrypting passwords in config files

Hey there!



I was wondering what the best practice is concerning passwords in Asterisk's
config files.



ari.conf has a neat feature where one can use a pre-encrypted password by using

password_format=crypt

for an ARI user



However, I was wondering how to do similar things with e.g. database credentials
when using realtime.

Right now I am using a plain-text password in res_odbc.conf to get the database
connection working.

So the only protection here is restricting file permissions of the config file.



Two questions that arise from this:



Is there any other way to do this that I am missing?

If no, would it be a desirable to implement pre-encrypted passwords for other
config files in the same way as it is done in ari.conf?









 

 

With best regards



Florian Floimair

Innovation - Software-Development



COMMEND INTERNATIONAL GMBH

A-5020 Salzburg, Saalachstraße 51

http://www.commend.com <http://www.commend.com/>



Security and Communication by Commend



FN 178618z | LG Salzburg

asterisk users - Aug 2018 - Encrypting passwords in config files

[asterisk-users] Encrypting passwords in config files