[SR-Users] Presence of plain text username and password in kamailio.cfg

Daniel-Constantin Mierla miconda at gmail.com
Wed Nov 18 16:45:58 CET 2020 

One alternative is to pass user/password via environment variables and
then use #!substdef in configuration file, with the replacement using
the corresponding $env(...) variables.

If the goal is protecting the configuration file content in long term
against being read in the future, two other options:

  - remove kamailio.cfg after starting kamailio, it is not needed at runtime

  - encrypt kamailio.cfg and pipe its decrypted content to kamailio at
startup, like:

decryptapp kamailio-encrypted.cfg | kamailio -f - ...

Cheers,
Daniel

On 18.11.20 15:27, David Villasmil wrote:
> I just get the params from AWS Parameter Store and pass it to Kamailio
> on startup. Downsize is you can see them in “ps”.
>
> On Wed, 18 Nov 2020 at 12:40, Alexandru Covalschi <568691 at gmail.com
> <mailto:568691 at gmail.com>> wrote:
>
>     Alternative way is to use unixodbc, but it just means you put the
>     password into another file.
>
>     ср, 18 нояб. 2020 г. в 14:35, Alexandru Covalschi
>     <568691 at gmail.com <mailto:568691 at gmail.com>>:
>
>         Don't use databases. Create an API and use it to access the
>         data you need. Won't work for every possible usage, but in
>         general API-driven SIP-routing is very possible with Kamailio,
>         especially with KEMI.
>
>         ср, 18 нояб. 2020 г. в 11:32, Ahmed Marsou
>         <amarsou1988 at gmail.com <mailto:amarsou1988 at gmail.com>>:
>
>             Hi;
>             I want to remove all plain text usernames an
>             passwords from kamailio.cfg file. Like modparam("auth_db",
>             "db_url", "dbdriver://username:password@dbhost/dbname")
>             or this 
>             modparam("sqlops","sqlcon","ca=>dbdriver://username:password@dbhost/dbname")
>             Can you help me with some ideas of how can I handle that?
>             Thank you.
>             _______________________________________________
>             Kamailio (SER) - Users Mailing List
>             sr-users at lists.kamailio.org
>             <mailto:sr-users at lists.kamailio.org>
>             https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>             <https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users>
>
>
>
>         -- 
>         Alexandru Covalschi
>         VoIP engineer and system administrator
>         tel: +37367398493
>
>
>
>     -- 
>     Alexandru Covalschi
>     VoIP engineer and system administrator
>     tel: +37367398493
>
>     _______________________________________________
>     Kamailio (SER) - Users Mailing List
>     sr-users at lists.kamailio.org <mailto:sr-users at lists.kamailio.org>
>     https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>     <https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users>
>
> -- 
> Regards,
>
> David Villasmil
> email: david.villasmil.work at gmail.com
> <mailto:david.villasmil.work at gmail.com>
> phone: +34669448337
>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users

-- 
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Funding: https://www.paypal.me/dcmierla

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20201118/395a9196/attachment.htm>

More information about the sr-users mailing list