[Freeswitch-users] Passwords in clear text

Anthony Minessale anthony.minessale at gmail.com
Tue Oct 21 17:53:17 EDT 2008


the sofia library we depend on requires you to feed it plain passwords for
outbound auth.
We would have to pressure them to expose a way for us to pre-hash them.

As an alternative, you can always use xml-curl + https url to fetch the
configs from your db on the fly over a secure
connection but that won't stop the hacker from running gcore on fs and
finding them in the ram somewhere just like if someone wants to break into
your house he can just take a chainsaw and cut a hole in the side and walk
in.
I'll ask the guy next time i talk to him.



On Tue, Oct 21, 2008 at 3:30 PM, Peter P GMX <Prometheus001 at gmx.net> wrote:

> Thanks for your support for the vm-passwords.
>
> The most important part for us however is having hashed passwords for
> external gateway definitions (we have a lot) and securing pins for
> conferences.
> Do we have a chance to add this also?
>
> In our environment DTMF is of course transported via SRTP so this is
> more secure (although the key exchange by SDES is known to have security
> issues, as rtp streams may be replayed by a 3rd party, there is no
> replay prevention mechanism in SDES and therefore also not in
> freeswitch, hein?).
>
> Best regards
> Peter
>
> Michael Jerris schrieb:
> > just added vm-a1-hash as well that you can use to override the
> > standard a1 hash for voicemail use only.
> >
> > Mike
> >
> >
> > On Oct 20, 2008, at 7:27 PM, Anthony Minessale wrote:
> >
> >
> >> if you want to test latest trunk i added code that *should* let you
> >> auth the vm using the same
> >> a1-hash also we added an "md5" api command to mod_commands so you
> >> can use it in your own apps.
> >>
> >> ${md5(some data)}
> >>
> >>
> >
> > _______________________________________________
> > Freeswitch-users mailing list
> > Freeswitch-users at lists.freeswitch.org
> > http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> > UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> > http://www.freeswitch.org
> >
> >
>
> _______________________________________________
> Freeswitch-users mailing list
> Freeswitch-users at lists.freeswitch.org
> http://lists.freeswitch.org/mailman/listinfo/freeswitch-users
> UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users
> http://www.freeswitch.org
>



-- 
Anthony Minessale II

FreeSWITCH http://www.freeswitch.org/
ClueCon http://www.cluecon.com/

AIM: anthm
MSN:anthony_minessale at hotmail.com <MSN%3Aanthony_minessale at hotmail.com>
GTALK/JABBER/PAYPAL:anthony.minessale at gmail.com<PAYPAL%3Aanthony.minessale at gmail.com>
IRC: irc.freenode.net #freeswitch

FreeSWITCH Developer Conference
sip:888 at conference.freeswitch.org <sip%3A888 at conference.freeswitch.org>
iax:guest at conference.freeswitch.org/888
googletalk:conf+888 at conference.freeswitch.org<googletalk%3Aconf%2B888 at conference.freeswitch.org>
pstn:213-799-1400
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20081021/0d238a66/attachment-0001.html 


More information about the Freeswitch-users mailing list