Hi community. This message is specially dedicated to developers of the kamailio project.
I need to find solution how to make authentication for connections of cnxcc with redis. For that moment, cnxcc module is able to connect to redis only without password (Carlos Ruiz Díaz will add this possibility later?). So that, this makes database vulnerable.
Well, furthermore I don't want to use local redis database, cuz I think machine that contains kamailio daemon, must perform just this kind of actions - SIP proxying (kamailio server is not to be a database server or anything else).
For that moment we use separate redis db for cases like that, but this is not best practice I think. I already tried to find solution (for e.g. connections via another module like db_redis: https://github.com/kamailio/kamailio/pull/1432) but I got advice - achieving my goal by sr-users mailing list.
Please pay attention for my request. I think this will be very helpfull for others.
Hello! As you mentioned, cnxcc can't perform password auth. But using redis in local address is good practice in my mind: it used as DB cache often
On 26 Feb 2018 9:32 p.m., "Donat Zenichev" donat.zenichev@gmail.com wrote:
Hi community. This message is specially dedicated to developers of the kamailio project.
I need to find solution how to make authentication for connections of cnxcc with redis. For that moment, cnxcc module is able to connect to redis only without password (Carlos Ruiz Díaz will add this possibility later?). So that, this makes database vulnerable.
Well, furthermore I don't want to use local redis database, cuz I think machine that contains kamailio daemon, must perform just this kind of actions - SIP proxying (kamailio server is not to be a database server or anything else).
For that moment we use separate redis db for cases like that, but this is not best practice I think. I already tried to find solution (for e.g. connections via another module like db_redis: https://github.com/kamailio/kamailio/pull/1432) but I got advice - achieving my goal by sr-users mailing list.
Please pay attention for my request. I think this will be very helpfull for others.
Nevertheless, I want to find the needed solution. In my opinion - If module is able to connect to redis databases, it'd better to perform it with authentication.
Because, there are cases when db located on localhost is improper solution or other users mustn't see hkeys, amounts inside hkeys it etc. So I think no one will be mind, to have whole possibility - real-time billing (cnxcc) working with redis securely.
So please don't be apathetic to my request.
2018-02-26 9:44 GMT+02:00 Donat Zenichev donat.zenichev@gmail.com:
Hi community. This message is specially dedicated to developers of the kamailio project.
I need to find solution how to make authentication for connections of cnxcc with redis. For that moment, cnxcc module is able to connect to redis only without password (Carlos Ruiz Díaz will add this possibility later?). So that, this makes database vulnerable.
Well, furthermore I don't want to use local redis database, cuz I think machine that contains kamailio daemon, must perform just this kind of actions - SIP proxying (kamailio server is not to be a database server or anything else).
For that moment we use separate redis db for cases like that, but this is not best practice I think. I already tried to find solution (for e.g. connections via another module like db_redis: https://github.com/kamailio/kamailio/pull/1432) but I got advice - achieving my goal by sr-users mailing list.
Please pay attention for my request. I think this will be very helpfull for others.
--
BR, Donat Zenichev Wnet VoIP team Tel Ukraine: +380(44) 5-900-800 Tel USA: +164(67) 8-174-17 (ext 1320) https://w-net.us/ http://wnet.ua
Hello,
maybe authentication support was not implemented in cnxcc. Eventually it can be extracted from the ndb_redis, that module has it implemented already.
* https://www.kamailio.org/docs/modules/stable/modules/ndb_redis.html#ndb_redi...
Cheers, Daniel
On 27.02.18 14:39, Donat Zenichev wrote:
Nevertheless, I want to find the needed solution. In my opinion - If module is able to connect to redis databases, it'd better to perform it with authentication.
Because, there are cases when db located on localhost is improper solution or other users mustn't see hkeys, amounts inside hkeys it etc. So I think no one will be mind, to have whole possibility - real-time billing (cnxcc) working with redis securely.
So please don't be apathetic to my request.
2018-02-26 9:44 GMT+02:00 Donat Zenichev <donat.zenichev@gmail.com mailto:donat.zenichev@gmail.com>:
Hi community. This message is specially dedicated to developers of the kamailio project. I need to find solution how to make authentication for connections of cnxcc with redis. For that moment, cnxcc module is able to connect to redis only without password (Carlos Ruiz Díaz will add this possibility later?). So that, this makes database vulnerable. Well, furthermore I don't want to use local redis database, cuz I think machine that contains kamailio daemon, must perform just this kind of actions - SIP proxying (kamailio server is not to be a database server or anything else). For that moment we use separate redis db for cases like that, but this is not best practice I think. I already tried to find solution (for e.g. connections via another module like db_redis: https://github.com/kamailio/kamailio/pull/1432 <https://github.com/kamailio/kamailio/pull/1432>) but I got advice - achieving my goal by sr-users mailing list. Please pay attention for my request. I think this will be very helpfull for others. -- -- BR, Donat Zenichev Wnet VoIP team Tel Ukraine: +380(44) 5-900-800 Tel USA: +164(67) 8-174-17 (ext 1320) https://w-net.us/ <http://wnet.ua>-- -- BR, Donat Zenichev Wnet VoIP team Tel Ukraine: +380(44) 5-900-800 Tel USA: +164(67) 8-174-17 (ext 1320) https://w-net.us/ http://wnet.ua
Kamailio (SER) - Users Mailing List sr-users@lists.kamailio.org https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
-
Daniel-Constantin Mierla -
Dmitri Savolainen -
Donat Zenichev