Better security for the auto populated iax-vicidial.conf?

Postby okli » Tue Nov 24, 2009 3:26 am

Upgraded to the latest SVN trunk and noticed that the auto-populated entries for the LB servers have very risky default values: password 'test', every IP allowed, plain auth and so on.

Is there any reason behind this?

Of course this shouldn't be the only step to protect the servers from unauthorised access, but I guess many users, not yet familiar with the vicidial files, won't even notice this hole; imagine if they are on public IPs, or migrate to such...

I've amended the keepalive script per my needs, adding permit/deny rows and strong passwords, but this is temporary; on the next upgrade it would be one more thing to worry about.

Or is it already possible to get around this without modifying the keepalive script, while still using this very handy option?
okli
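
Added example, not part of the thread and not VICIdial's own code: a small audit that flags the three weaknesses named in the post above (weak password, plain auth, no permit/deny rows) in an IAX peer file. The sample config is constructed rather than real keepalive output; the peer names, the weak-password list and the 12-character minimum are assumptions, while `secret`, `auth`, `permit` and `deny` are the standard Asterisk iax.conf keys.

```python
import re

# Constructed sample, not real keepalive output: one peer with the risky
# defaults described in the post, one locked-down peer for contrast.
SAMPLE_CONF = """\
[general]
[lb-peer-a]
secret=test
auth=plaintext
[lb-peer-b]
secret=Zq7!vK2mR9xLw4Tp
auth=md5
deny=0.0.0.0/0.0.0.0
permit=10.0.0.0/255.255.255.0
"""

WEAK_SECRETS = {"", "test", "1234", "password"}   # illustrative list (assumption)
DENY_ALL = {"0.0.0.0/0", "0.0.0.0/0.0.0.0"}

def parse_sections(text):
    """Return {section: [(key, value), ...]}, keeping repeated keys in order."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()        # ';' starts a comment
        header = re.fullmatch(r"\[([^\]]+)\](\(.*\))?", line)
        if header:
            current = sections.setdefault(header.group(1), [])
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)        # also accepts 'key => value'
            current.append((key.strip().lower(), value.lstrip(">").strip()))
    return sections

def audit_peer(options):
    """Return the list of findings for one peer section."""
    secrets = [v for k, v in options if k == "secret"]
    auths = [v.lower() for k, v in options if k == "auth"]
    findings = []
    if not secrets or any(s.lower() in WEAK_SECRETS or len(s) < 12 for s in secrets):
        findings.append("weak-secret")
    if not auths or any("plaintext" in a for a in auths):
        findings.append("plaintext-or-unset-auth")
    has_deny_all = any(k == "deny" and v in DENY_ALL for k, v in options)
    if not (has_deny_all and any(k == "permit" for k, v in options)):
        findings.append("no-ip-acl")
    return findings

def audit(text):
    """Audit every section except [general]; return {peer: findings}."""
    return {n: audit_peer(o) for n, o in parse_sections(text).items() if n != "general"}
```

Running `audit()` over the generated file after each upgrade shows whether the keepalive script has rewritten hand-hardened entries back to the defaults.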
 

Postby mflorell » Tue Nov 24, 2009 6:48 am

All of the multi-server systems that we install are behind restrictive firewalls or VPNs, so that kind of security is something we haven't really had to worry about for multi-server systems.

It would probably be a good idea to at least allow a web-configurable password for the servers. Could you add an issue to the issue tracker for this?
mflorell
Site Admin
 

Postby okli » Wed Nov 25, 2009 5:50 pm

Thanks for the quick fix :)
okli
 