
Better security for the auto populated iax-vicidial.conf?

Posted: Tue Nov 24, 2009 3:26 am
by okli
Upgraded to the latest SVN trunk and noticed that the auto-populated entries for the LB servers have very risky default values: password 'test', every IP allowed, plain auth and so on.

Is there any reason behind this?

Of course this shouldn't be the only step to protect the servers from unauthorised access, but I guess many users, unfamiliar yet with vicidial files, won't even notice this hole, imagine if they are on public IPs, or migrate to such...

I've amended the keepalive script per my needs, adding permit/deny rows and strong passwords, but this is temporary; on the next upgrade it would be one more thing to worry about.

Or is it already possible to get around this without modifying the keepalive script, while still using this very handy option?
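
An added example, not part of the original posts and not VICIdial code: a small audit that flags the three risks named above (weak password, plain auth, every IP allowed) in IAX peer sections. The sample config, the section names, the secret value and the 12-character threshold are constructed assumptions; only the standard Asterisk keys `secret`, `auth`, `permit` and `deny` are used.

```python
import re

# Constructed sample; NOT the actual output of the VICIdial keepalive script.
SAMPLE_CONF = """\
[LB_server_A]
secret=test
auth=plaintext
permit=0.0.0.0/0.0.0.0

[LB_server_B]
secret=q7Vd2mXr9sLp4KtZ ; constructed value
auth=md5
deny=0.0.0.0/0.0.0.0
permit=10.10.10.12/255.255.255.255
"""

ANY_HOST = {"0.0.0.0/0.0.0.0", "0.0.0.0/0"}
MIN_SECRET_LEN = 12  # assumption: local policy threshold, not an Asterisk rule

def parse_sections(text):
    """Return {section: [(key, value), ...]}, keeping repeated keys."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            current = sections.setdefault(header.group(1), [])
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current.append((key.strip().lower(), value.strip()))
    return sections

def audit(text):
    """Return {section: [findings]} for the three risks named in the post."""
    report = {}
    for name, items in parse_sections(text).items():
        if name.lower() == "general":
            continue
        values = lambda k: [v for key, v in items if key == k]
        secret = (values("secret") or [""])[-1]
        findings = []
        if len(secret) < MIN_SECRET_LEN:
            findings.append("weak secret")
        if any("plaintext" in v.lower() for v in values("auth")):
            findings.append("plaintext auth")
        # Simplified ACL check: open unless all is denied and no permit re-opens it.
        if not ANY_HOST & set(values("deny")) or ANY_HOST & set(values("permit")):
            findings.append("any IP permitted")
        report[name] = findings
    return report
```

Calling `audit()` on the text of a generated conf file after each upgrade shows whether the weak defaults have come back.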

Posted: Tue Nov 24, 2009 6:48 am
by mflorell
All of the multi-server systems that we install are behind restrictive firewalls or VPNs so that kind of security is something we haven't really had to worry about for multi-server systems.

It would probably be a good idea to at least allow a web-configurable password for the servers. Could you add an issue to the issue tracker for this?

Posted: Wed Nov 25, 2009 5:50 pm
by okli
Thanks for the quick fix :)