On Tue, Feb 15, 2011 at 07:54:54AM -0500, Richard Kenner wrote: > > Right. But it really won't help much (except complicating things) if the > > user has decent access to Asterisk. > > Yes, but we're talking about cases where the "user" *doesn't* have access > to Asterisk. At many locations, including mine, Asterisk runs on a > machine dedicated for that purpose and only people administering it have > access to that machine. But config files are placed in a CM system which > MANY more people have access to. Having plaintext passwords in those > files is a real problem.
In this case: #include the password (a file the line 'secret=') from a local file on the file system. The user has no access to it, right? It might as well be a database, a remote URL (CURL), an output of a script (#exec). Whichever works best for you. One test for you to consider: are the users able to use the "encrypted" configuration item in a different Asterisk system (without your concent)? -- Tzafrir Cohen icq#16849755 jabber:tzafrir.co...@xorcom.com +972-50-7952406 mailto:tzafrir.co...@xorcom.com http://www.xorcom.com iax:gu...@local.xorcom.com/tzafrir -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users