[SR-Users] DBURL password in clear
Daniel Tryba
d.tryba at pocos.nl
Thu Nov 16 10:34:34 CET 2017
On Wed, Nov 15, 2017 at 08:46:58AM +0100, Daniel-Constantin Mierla wrote:
> > I???m working for a UK high street bank and our Kamailio implementation has been challenged because we???ve got database passwords held in clear in the configuration file.
...
> > My requirement is simple, I need to be able to supply a password via means such as loading a variable from a run-once script at start up, or a module. The ideal would be to be able to read in a Docker secret :)
> >
> you can define a for a token to be used inside kamailio.cfg by using -A
> command line parameter. So when you start kamailio, fetch the password
> from your secure system by what so ever meaning, then build the database
> url based on it and run kamailio with:
>
> kamailio - A DBURL='mysql://user:passwd@dbhost/kamailio' ...
My guess is the next problem will be the password being visible to all
users querying the processlist :)
Is including a file (import_file) with passwords an option? Generate the
file just before startup, remove it (ofcourse in a secure way (shred the
file and overwrite all freespace with a multiple patters a few dozen
times (ask the auditors for the exact specifications that make them
happy))) after kamailio is running.
More information about the sr-users
mailing list