<html><head><meta http-equiv="Content-Type" content="text/html charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">That’s a better idea. If any phone is registered with 1234 you can’t dial out any gateway. You can have a big demo but no outside connection. Going outside requires changing the password on all phones.<div class=""><br class=""><div><blockquote type="cite" class=""><div class="">On Mar 14, 2017, at 2:40 PM, Michael Jerris <<a href="mailto:mike@jerris.com" class="">mike@jerris.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><meta http-equiv="Content-Type" content="text/html charset=utf-8" class=""><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;" class="">The demo config includes no way to dial out of a gateway… <div class=""><br class=""></div><div class=""><br class=""><div class=""><blockquote type="cite" class=""><div class="">On Mar 14, 2017, at 5:06 PM, David Villasmil <<a href="mailto:david.villasmil.work@gmail.com" class="">david.villasmil.work@gmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><div class="">IMHO, a demo config shouldn't be shipped out by default, it's very risky. If everyone using freeswitch (or any other softswitch for that matter) for the first time was a seasoned sysops, then yes. But this is very much not the case. <br class=""><br class="">So maybe it would be safer for everyone to ship it out with a locked-down config, so that user WILL learn how fs works by having to open features one at a time... and then describe in the wiki how to implement the demo config from a git repo.<br class=""><br class="">This way EVERYONE using fs for the first time Will know they are using a demo config with everything defaulted and "open"...<br class=""><br class="">But this is just my opinion.<br class=""><div class="gmail_quote"><div dir="ltr" class="">On Tue, Mar 14, 2017 at 9:58 PM Giovanni Maruzzelli <<a href="mailto:gmaruzz@gmail.com" class="">gmaruzz@gmail.com</a>> wrote:<br class=""></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr" class="gmail_msg"><div class="gmail_msg"><div class="gmail_msg">btw the problem is always with users/customers that change the
demo password "1234" (where there is a delay of 10 seconds put there by
this purpose) to something like "password".<br class="gmail_msg"><br class="gmail_msg"></div>And what I can do about this?<br class="gmail_msg"><br class="gmail_msg"></div>I
will put a safeguard against silly passwords, and you will make the
effort to circumvent also that safeguard because "is easier for my
users"?</div><div class="gmail_extra gmail_msg"><br class="gmail_msg"><div class="gmail_quote gmail_msg">On 14 March 2017 at 21:56, Giovanni Maruzzelli <span dir="ltr" class="gmail_msg"><<a href="mailto:gmaruzz@gmail.com" class="gmail_msg" target="_blank">gmaruzz@gmail.com</a>></span> wrote:<br class="gmail_msg"><blockquote class="gmail_quote gmail_msg" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr" class="gmail_msg"><span class="gmail_msg"><div class="gmail_msg"><div class="gmail_msg"><div class="gmail_msg">NO, the default password of the demo configuration is just that, a DEFAULT password of a DEMO configuration.<br class="gmail_msg"><br class="gmail_msg"></div>That is meant to DEMO just OUT OF THE BOX<br class="gmail_msg"><br class="gmail_msg"></div>So, it must stay this way, because it just works, and is a demo<br class="gmail_msg"><br class="gmail_msg"></div>Then, if you put a demo in production, the problem is between the monitor and the seat, not in the software</span><div class="m_1261933258317348803m_-533940147435761281gmail-ajU gmail_msg m_1261933258317348803m_-533940147435761281gmail-yj6qo"><div id="m_1261933258317348803m_-533940147435761281gmail-:51m" class="m_1261933258317348803m_-533940147435761281gmail-ajR gmail_msg"><img class="m_1261933258317348803m_-533940147435761281gmail-ajT gmail_msg" src="https://ssl.gstatic.com/ui/v1/icons/mail/images/cleardot.gif"></div></div></div><div class="m_1261933258317348803HOEnZb gmail_msg"><div class="gmail_msg m_1261933258317348803h5"><div class="gmail_extra gmail_msg"><br class="gmail_msg"><div class="gmail_quote gmail_msg">On 14 March 2017 at 21:46, David Villasmil <span dir="ltr" class="gmail_msg"><<a href="mailto:david.villasmil.work@gmail.com" class="gmail_msg" target="_blank">david.villasmil.work@gmail.com</a>></span> wrote:<br class="gmail_msg"><blockquote class="gmail_quote gmail_msg" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Make the default password very obscure ramdomized on the fly... that way people will be crying because they can't figure out a password instead of having noobies hacked :)<div class="gmail_msg m_1261933258317348803m_-533940147435761281HOEnZb"><div class="gmail_msg m_1261933258317348803m_-533940147435761281h5"><br class="gmail_msg"><div class="gmail_quote gmail_msg"><div dir="ltr" class="gmail_msg">On Tue, Mar 14, 2017 at 9:40 PM Mirko Brankovic <<a href="mailto:mirkobrankovic@gmail.com" class="gmail_msg" target="_blank">mirkobrankovic@gmail.com</a>> wrote:<br class="gmail_msg"></div><blockquote class="gmail_quote gmail_msg" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="auto" class="gmail_msg m_1261933258317348803m_-533940147435761281m_-7971852898636709500gmail_msg">Indeed ;)</div><div class="gmail_extra m_1261933258317348803m_-533940147435761281m_-7971852898636709500gmail_msg gmail_msg"><br class="gmail_msg m_1261933258317348803m_-533940147435761281m_-7971852898636709500gmail_msg"><div class="gmail_quote m_1261933258317348803m_-533940147435761281m_-7971852898636709500gmail_msg gmail_msg">On Mar 14, 2017 20:38, "Antonio Silva" <<a href="mailto:asilva@wirelessmundi.com" class="gmail_msg m_1261933258317348803m_-533940147435761281m_-7971852898636709500gmail_msg" target="_blank">asilva@wirelessmundi.com</a>> wrote:<br type="attribution" class="gmail_msg m_1261933258317348803m_-533940147435761281m_-7971852898636709500gmail_msg"><blockquote class="gmail_quote m_1261933258317348803m_-533940147435761281m_-7971852898636709500gmail_msg gmail_msg" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000" class="gmail_msg m_1261933258317348803m_-533940147435761281m_-7971852898636709500gmail_msg">
almost... until the user to test set userid = password ... and
forget to change it... ops... hacked... <br class="gmail_msg m_1261933258317348803m_-533940147435761281m_-7971852898636709500gmail_msg">
<br class="gmail_msg m_1261933258317348803m_-533940147435761281m_-7971852898636709500gmail_msg">
it's all about good practices.<br class="gmail_msg m_1261933258317348803m_-533940147435761281m_-7971852898636709500gmail_msg">
<br class="gmail_msg m_1261933258317348803m_-533940147435761281m_-7971852898636709500gmail_msg">
Regards,<br class="gmail_msg m_1261933258317348803m_-533940147435761281m_-7971852898636709500gmail_msg">
António<br class="gmail_msg m_1261933258317348803m_-533940147435761281m_-7971852898636709500gmail_msg">
<br class="gmail_msg m_1261933258317348803m_-533940147435761281m_-7971852898636709500gmail_msg">
<div class="gmail_msg m_1261933258317348803m_-533940147435761281m_-7971852898636709500gmail_msg m_1261933258317348803m_-533940147435761281m_-7971852898636709500m_-4903733626086172236m_-1570856476221377557moz-cite-prefix">On 03/14/2017 07:39 PM, Mirko Brankovic
wrote:<br class="gmail_msg m_1261933258317348803m_-533940147435761281m_-7971852898636709500gmail_msg">
</div>
<blockquote type="cite" class="gmail_msg m_1261933258317348803m_-533940147435761281m_-7971852898636709500gmail_msg">
<div dir="auto" class="gmail_msg m_1261933258317348803m_-533940147435761281m_-7971852898636709500gmail_msg">Cance default password to uuid(), so every new
install will get random one ... Bulletproof :°D</div>
<div class="gmail_extra m_1261933258317348803m_-533940147435761281m_-7971852898636709500gmail_msg gmail_msg"><br class="gmail_msg m_1261933258317348803m_-533940147435761281m_-7971852898636709500gmail_msg">
<div class="gmail_quote m_1261933258317348803m_-533940147435761281m_-7971852898636709500gmail_msg gmail_msg">On Mar 14, 2017 19:30, "Brian West"
<<a href="mailto:brian@freeswitch.org" class="gmail_msg m_1261933258317348803m_-533940147435761281m_-7971852898636709500gmail_msg" target="_blank">brian@freeswitch.org</a>>
wrote:<br type="attribution" class="gmail_msg m_1261933258317348803m_-533940147435761281m_-7971852898636709500gmail_msg">
<blockquote class="gmail_quote m_1261933258317348803m_-533940147435761281m_-7971852898636709500gmail_msg gmail_msg" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr" class="gmail_msg m_1261933258317348803m_-533940147435761281m_-7971852898636709500gmail_msg">This is exactly what prompted me to put the
FOUR LINE CRIT statement when the default password isn't
changed along with a 10 second delay before proceeding.
Still I see questions posted about the 10 second delay and
asking what it means. Not sure how to make it more clear.
<div class="gmail_msg m_1261933258317348803m_-533940147435761281m_-7971852898636709500gmail_msg"><br class="gmail_msg m_1261933258317348803m_-533940147435761281m_-7971852898636709500gmail_msg">
</div>
<div class="gmail_msg m_1261933258317348803m_-533940147435761281m_-7971852898636709500gmail_msg">/b</div>
<div class="gmail_msg m_1261933258317348803m_-533940147435761281m_-7971852898636709500gmail_msg"><br class="gmail_msg m_1261933258317348803m_-533940147435761281m_-7971852898636709500gmail_msg">
</div>
</div>
<div class="gmail_extra m_1261933258317348803m_-533940147435761281m_-7971852898636709500gmail_msg gmail_msg"><br class="gmail_msg m_1261933258317348803m_-533940147435761281m_-7971852898636709500gmail_msg">
<div class="gmail_quote m_1261933258317348803m_-533940147435761281m_-7971852898636709500gmail_msg gmail_msg">On Tue, Mar 14, 2017 at 1:19 PM,
Giovanni Maruzzelli <span dir="ltr" class="gmail_msg m_1261933258317348803m_-533940147435761281m_-7971852898636709500gmail_msg"><<a href="mailto:gmaruzz@gmail.com" class="gmail_msg m_1261933258317348803m_-533940147435761281m_-7971852898636709500gmail_msg" target="_blank">gmaruzz@gmail.com</a>></span>
wrote:<br class="gmail_msg m_1261933258317348803m_-533940147435761281m_-7971852898636709500gmail_msg">
<blockquote class="gmail_quote m_1261933258317348803m_-533940147435761281m_-7971852898636709500gmail_msg gmail_msg" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr" class="gmail_msg m_1261933258317348803m_-533940147435761281m_-7971852898636709500gmail_msg">
<div class="gmail_msg m_1261933258317348803m_-533940147435761281m_-7971852898636709500gmail_msg">
<div class="gmail_msg m_1261933258317348803m_-533940147435761281m_-7971852898636709500gmail_msg">
<div class="gmail_msg m_1261933258317348803m_-533940147435761281m_-7971852898636709500gmail_msg">
<div class="gmail_msg m_1261933258317348803m_-533940147435761281m_-7971852898636709500gmail_msg">Is nice because they mention FreeSWITCH
in the tag of the link, but the link is
about FreePBX.<br class="gmail_msg m_1261933258317348803m_-533940147435761281m_-7971852898636709500gmail_msg">
<br class="gmail_msg m_1261933258317348803m_-533940147435761281m_-7971852898636709500gmail_msg">
</div>
Anyway, it's true: if you do not use the
standard security practice, and leave your
FreeSWITCH with standard password "1234", or
maybe you change the standard password to
"password", you probably will be hacked, and
phone calls will be originated from your
FreeSWITCH that you do not want to originate.<br class="gmail_msg m_1261933258317348803m_-533940147435761281m_-7971852898636709500gmail_msg">
<br class="gmail_msg m_1261933258317348803m_-533940147435761281m_-7971852898636709500gmail_msg">
</div>
But, man, that's what you, and me, and anyone is
expecting.<br class="gmail_msg m_1261933258317348803m_-533940147435761281m_-7971852898636709500gmail_msg">
<br class="gmail_msg m_1261933258317348803m_-533940147435761281m_-7971852898636709500gmail_msg">
</div>
Also, please do not drive wrong way in the
autobahn :))<br class="gmail_msg m_1261933258317348803m_-533940147435761281m_-7971852898636709500gmail_msg">
<br class="gmail_msg m_1261933258317348803m_-533940147435761281m_-7971852898636709500gmail_msg">
</div>
-giovanni<br class="gmail_msg m_1261933258317348803m_-533940147435761281m_-7971852898636709500gmail_msg">
<br class="gmail_msg m_1261933258317348803m_-533940147435761281m_-7971852898636709500gmail_msg">
</div>
<div class="gmail_extra m_1261933258317348803m_-533940147435761281m_-7971852898636709500gmail_msg gmail_msg">
<div class="gmail_msg m_1261933258317348803m_-533940147435761281m_-7971852898636709500gmail_msg">
<div class="gmail_msg m_1261933258317348803m_-533940147435761281m_-7971852898636709500gmail_msg m_1261933258317348803m_-533940147435761281m_-7971852898636709500m_-4903733626086172236m_-1570856476221377557m_1864650743770131671h5"><br class="gmail_msg m_1261933258317348803m_-533940147435761281m_-7971852898636709500gmail_msg">
<div class="gmail_quote m_1261933258317348803m_-533940147435761281m_-7971852898636709500gmail_msg gmail_msg">On 14 March 2017 at
16:42, Mario G <span dir="ltr" class="gmail_msg m_1261933258317348803m_-533940147435761281m_-7971852898636709500gmail_msg"><<a href="mailto:mario_fs@mgtech.com" class="gmail_msg m_1261933258317348803m_-533940147435761281m_-7971852898636709500gmail_msg" target="_blank">mario_fs@mgtech.com</a>></span>
wrote:<br class="gmail_msg m_1261933258317348803m_-533940147435761281m_-7971852898636709500gmail_msg">
<blockquote class="gmail_quote m_1261933258317348803m_-533940147435761281m_-7971852898636709500gmail_msg gmail_msg" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Thought some
may be interested in this. I first saw it
today via Apple News… Related to tracing
bomb threats and Jewish attacks… FreeSWITCH
mentioned twice.<br class="gmail_msg m_1261933258317348803m_-533940147435761281m_-7971852898636709500gmail_msg">
<a href="http://www.theverge.com/2017/3/14/14913118/jcc-bomb-threats-anonymous-phone-calls-pdx-hacking" rel="noreferrer" class="gmail_msg m_1261933258317348803m_-533940147435761281m_-7971852898636709500gmail_msg" target="_blank">http://www.theverge.com/2017/3/14/14913118/jcc-bomb-threats-anonymous-phone-calls-pdx-hacking</a><br class="gmail_msg m_1261933258317348803m_-533940147435761281m_-7971852898636709500gmail_msg"></blockquote></div></div></div></div></blockquote></div></div></blockquote></div></div></blockquote></div></blockquote></div></div></blockquote></div></div></div></blockquote></div></div></div></div></blockquote></div></div></blockquote></div></div></blockquote></div><br class=""></div></div>_________________________________________________________________________<br class="">Professional FreeSWITCH Consulting Services: <br class=""><a href="mailto:consulting@freeswitch.org" class="">consulting@freeswitch.org</a><br class="">http://www.freeswitchsolutions.com<br class=""><br class="">Official FreeSWITCH Sites<br class="">http://www.freeswitch.org<br class="">http://confluence.freeswitch.org<br class="">http://www.cluecon.com<br class=""><br class="">FreeSWITCH-users mailing list<br class="">FreeSWITCH-users@lists.freeswitch.org<br class="">http://lists.freeswitch.org/mailman/listinfo/freeswitch-users<br class="">UNSUBSCRIBE:http://lists.freeswitch.org/mailman/options/freeswitch-users<br class="">http://www.freeswitch.org</div></blockquote></div><br class=""></div></body></html>