[SR-Users] Presence of plain text username and password in kamailio.cfg

Daniel-Constantin Mierla miconda at gmail.com
Wed Nov 18 17:14:16 CET 2020


On 18.11.20 16:45, Daniel-Constantin Mierla wrote:
>
> One alternative is to pass user/password via environment variables and
> then use #!substdef in configuration file, with the replacement using
> the corresponding $env(...) variables.
>
> If the goal is protecting the configuration file content in long term
> against being read in the future, two other options:
>
>   - remove kamailio.cfg after starting kamailio, it is not needed at
> runtime
>

Obviously, instead of removing, the permissions kamailio.cfg can be
changed after starting kamailio -- adding this after seeing in another
message being mentioned the option with mysql my.cfg, user/password is
in a local file anyhow.

Cheers,
Daniel

>   - encrypt kamailio.cfg and pipe its decrypted content to kamailio at
> startup, like:
>
> decryptapp kamailio-encrypted.cfg | kamailio -f - ...
>
> Cheers,
> Daniel
>
> On 18.11.20 15:27, David Villasmil wrote:
>> I just get the params from AWS Parameter Store and pass it to
>> Kamailio on startup. Downsize is you can see them in “ps”.
>>
>> On Wed, 18 Nov 2020 at 12:40, Alexandru Covalschi <568691 at gmail.com
>> <mailto:568691 at gmail.com>> wrote:
>>
>>     Alternative way is to use unixodbc, but it just means you put the
>>     password into another file.
>>
>>     ср, 18 нояб. 2020 г. в 14:35, Alexandru Covalschi
>>     <568691 at gmail.com <mailto:568691 at gmail.com>>:
>>
>>         Don't use databases. Create an API and use it to access the
>>         data you need. Won't work for every possible usage, but in
>>         general API-driven SIP-routing is very possible with
>>         Kamailio, especially with KEMI.
>>
>>         ср, 18 нояб. 2020 г. в 11:32, Ahmed Marsou
>>         <amarsou1988 at gmail.com <mailto:amarsou1988 at gmail.com>>:
>>
>>             Hi;
>>             I want to remove all plain text usernames an
>>             passwords from kamailio.cfg file. Like
>>             modparam("auth_db", "db_url",
>>             "dbdriver://username:password@dbhost/dbname")
>>             or this 
>>             modparam("sqlops","sqlcon","ca=>dbdriver://username:password@dbhost/dbname")
>>             Can you help me with some ideas of how can I handle that?
>>             Thank you.
>>             _______________________________________________
>>             Kamailio (SER) - Users Mailing List
>>             sr-users at lists.kamailio.org
>>             <mailto:sr-users at lists.kamailio.org>
>>             https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>             <https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users>
>>
>>
>>
>>         -- 
>>         Alexandru Covalschi
>>         VoIP engineer and system administrator
>>         tel: +37367398493
>>
>>
>>
>>     -- 
>>     Alexandru Covalschi
>>     VoIP engineer and system administrator
>>     tel: +37367398493
>>
>>     _______________________________________________
>>     Kamailio (SER) - Users Mailing List
>>     sr-users at lists.kamailio.org <mailto:sr-users at lists.kamailio.org>
>>     https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>     <https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users>
>>
>> -- 
>> Regards,
>>
>> David Villasmil
>> email: david.villasmil.work at gmail.com
>> <mailto:david.villasmil.work at gmail.com>
>> phone: +34669448337
>>
>> _______________________________________________
>> Kamailio (SER) - Users Mailing List
>> sr-users at lists.kamailio.org
>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
> -- 
> Daniel-Constantin Mierla -- www.asipto.com
> www.twitter.com/miconda -- www.linkedin.com/in/miconda
> Funding: https://www.paypal.me/dcmierla

-- 
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Funding: https://www.paypal.me/dcmierla

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20201118/fad417b4/attachment.htm>


More information about the sr-users mailing list