Tzafrir Cohen wrote: > On Wed, Aug 20, 2008 at 10:00:55AM -0700, Eric Chamberlain wrote: > >> We are exploring using Asterisk for a project and we are looking for a >> way to encrypt/decrypt the peer passwords stored in the realtime >> database (postrges). >> >> Ideally, we want to use a public key to encrypt the passwords before >> they go into the database and have Asterisk use a private key to >> decrypt the password as part of the call out process. >> >> Has anyone developed something like this? >> > > What is the point in that? What threats does it help you to mitigate? > > It helps you mitigate an incredible amount of headache if someone hacks in and gains access to your DB. The user accounts are still rather secure -- at least long enough to inform your users to change their passwords.
And yes... you could just say, "Don't let that happen. Use better security on the system." However, that's not 100% effective, and most hacks are done by disgruntled former employees who had legitimate access to the system in the first place. As long as it CAN be done without drastically affecting performance and/or user experience, any extra security is a Good Thing. N. _______________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- AstriCon 2008 - September 22 - 25 Phoenix, Arizona Register Now: http://www.astricon.net asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
