On Monday 14 Feb 2011, Jian Gao wrote: > Now in my asterisk config files, there are lines like: > secret=some_password_in_plain_text > > Is it possible to hide these plain text password?
Depending how you set your permissions, they are already effectively hidden behind the machine's root password. If someone gets that then, my friend, you have bigger things to worry about :) Anyway, the answer is: No, it's mathematically impossible to do that. Even if the passwords were stored encrypted, Asterisk itself has to be able to get the plaintext passwords to send to the remote server; so the code to decrypt them must necessarily be located on the machine. And the Source Code to Asterisk is readily available, which is how come you were able to benefit from it, so it would be trivial to extract the passwords in any case. See also: http://developer.pidgin.im/wiki/PlainTextPasswords for an explanation of pretty much the same issue. -- AJS -- _____________________________________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- New to Asterisk? Join us for a live introductory webinar every Thurs: http://www.asterisk.org/hello asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
