> While this may all be true and valid, obviously there is already an
> authentication scheme implemented in Asterisk checking username and
> password.
>
> If it is difficult to implement what i suggested with all the options and
> configurable settings, why not implement it in a more simple form?
>
> Despite of all the arguments on other things we could do, why not increase
> the level of security in Asterisk if there is a possibility to do so?
The problem is that Asterisk is not insecure, it is the configuration that
makes it insecure. Short, non-random passwords are the problem here.
---------------------------------------------------------------------------
Peter Beckman Internet Guy
beckman@angryox.com http://www.angryox.com/
---------------------------------------------------------------------------
_______________________________________________
--Bandwidth and Colocation Provided by http://www.api-digital.com--
asterisk-biz mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-biz
No comments:
Post a Comment