Re: [OpenSIPS-Users] Security related

2015-11-23 Thread Răzvan Crainea

Hi, John!

1. No, it is not taken care of by the module internally.

2. opensipsctl is run only locally, so I don't think you have to worry 
about that. On the other side, mi_datagram communicates plain-text over 
the internet, so I understand your worries. However, there's not that 
much you can do on the application side. The only thing that I can think 
of is to guide that traffic through a VPN tunnel.


3. This depends on the command you are running. You can run opensips as 
a non-privileged user and still run exec, as long as that user has 
execute rights on the script/binary you are executing.


Best regards,

Răzvan Crainea
OpenSIPS Core Developer
http://www.opensips-solutions.com

On 11/23/2015 06:04 AM, John Nash wrote:

I have a couple of things I need your valuable input on. I have already seen
some articles and slides, but some questions remain...

1- AVP db queries: do we need to escape parameters, or is it taken care of
by the module internally?

2- How can I secure opensipsctl and mi_datagram, as that is the gateway to my
opensips?

3- I need to use the exec module to run some opensipsctl commands. If I
understand correctly, if I am running opensips as root someone can run
any command on my box?... On the other hand, if I run opensips as some
non-privileged user, can I still run exec?


___
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
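
Point 1 of the reply above, shown as an added example that is not part of the thread and not the OpenSIPS project's own code: because avpops does not escape pseudo-variables placed in an `avp_db_query` string, the script has to apply the `s.escape.common` transformation itself. Assumptions: the avpops module is loaded with its `db_url` set, and the route name, the `subscriber` table with `username`/`domain`/`ha1` columns, and `$avp(ha1)` are illustrative names.

```opensips
# Added example; route name, table/column names and $avp(ha1) are assumptions.
route[LOOKUP_HA1] {
    # Weak form: $fU and $fd come straight from the From header of the
    # request and are pasted into the SQL text unchanged.
    # avp_db_query("select ha1 from subscriber where username='$fU' and domain='$fd'", "$avp(ha1)");

    # Corrected form: {s.escape.common} backslash-escapes quote characters
    # and backslashes, so the value stays inside the quoted SQL literal.
    if (!avp_db_query("select ha1 from subscriber where username='$(fU{s.escape.common})' and domain='$(fd{s.escape.common})'", "$avp(ha1)")) {
        # Query failed or returned no row: reject instead of continuing
        # with an empty $avp(ha1).
        sl_send_reply("403", "Forbidden");
        exit;
    }
}
```

Every pseudo-variable that can carry caller-controlled data (user parts, domains, header values) needs the same transformation at each place it enters a query string.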





[OpenSIPS-Users] Security related

2015-11-22 Thread John Nash
I have a couple of things I need your valuable input on. I have already seen
some articles and slides, but some questions remain...

1- AVP db queries: do we need to escape parameters, or is it taken care of by
the module internally?

2- How can I secure opensipsctl and mi_datagram, as that is the gateway to my
opensips?

3- I need to use the exec module to run some opensipsctl commands. If I
understand correctly, if I am running opensips as root someone can run any
command on my box?... On the other hand, if I run opensips as some
non-privileged user, can I still run exec?