On 13/11/09 8:30 AM, SIP wrote:
> Eh... if VoIP fraud weren't so rampant, and I didn't constantly see
> mailings to the Asterisk list about "How do I secure my system from the
> people who've been costing me tons of money lately," I would say that
> having a lax stance on security in exchange for additional usability
> might be a good thing. But as is, that's simply not the case. The
> 'usability' you get from this is really only questionably essential in
> its ability to save time, but the security one would get from a change
> could save some people actual money -- not just time.

The problem there is normally lax usernames and passwords. Not that there is default access to the echo test.

> As someone who used to design systems and networks, I would vote for
> security over nebulous desire to keep the status quo.

Because you're already using Asterisk. If it had been too hard at the start maybe you wouldn't.

> True, you can't keep stupid people from doing stupid things, but given a
> choice between protecting the ignorant from a bad situation or catering
> to those who want to avoid an extra step or two on installation, I'd
> side with protecting the ignorant every time. There's always a trade-off
> between usability and security, and I'm of the opinion that security is
> the more important of the two when dealing with systems connected to the
> Internet. Call me a cynic. :)

The ignorant won't have changed the default context - they likely won't even know how to edit a config file - so they're safe.

--
Cheers,

Matt Riddell
Director

http://www.venturevoip.com/news.php (Daily Asterisk News)
http://www.venturevoip.com/st.php (SmoothTorque Predictive Dialer)
http://www.venturevoip.com/c3.php (ConduIT3 PABX Systems)