[SR-Users] Presence of plain text username and password in kamailio.cfg
Daniel-Constantin Mierla
miconda at gmail.com
Wed Nov 18 17:14:16 CET 2020
On 18.11.20 16:45, Daniel-Constantin Mierla wrote:
>
> One alternative is to pass user/password via environment variables and
> then use #!substdef in configuration file, with the replacement using
> the corresponding $env(...) variables.
>
> If the goal is protecting the configuration file content in long term
> against being read in the future, two other options:
>
> - remove kamailio.cfg after starting kamailio, it is not needed at
> runtime
>
Obviously, instead of removing, the permissions kamailio.cfg can be
changed after starting kamailio -- adding this after seeing in another
message being mentioned the option with mysql my.cfg, user/password is
in a local file anyhow.
Cheers,
Daniel
> - encrypt kamailio.cfg and pipe its decrypted content to kamailio at
> startup, like:
>
> decryptapp kamailio-encrypted.cfg | kamailio -f - ...
>
> Cheers,
> Daniel
>
> On 18.11.20 15:27, David Villasmil wrote:
>> I just get the params from AWS Parameter Store and pass it to
>> Kamailio on startup. Downsize is you can see them in “ps”.
>>
>> On Wed, 18 Nov 2020 at 12:40, Alexandru Covalschi <568691 at gmail.com
>> <mailto:568691 at gmail.com>> wrote:
>>
>> Alternative way is to use unixodbc, but it just means you put the
>> password into another file.
>>
>> ср, 18 нояб. 2020 г. в 14:35, Alexandru Covalschi
>> <568691 at gmail.com <mailto:568691 at gmail.com>>:
>>
>> Don't use databases. Create an API and use it to access the
>> data you need. Won't work for every possible usage, but in
>> general API-driven SIP-routing is very possible with
>> Kamailio, especially with KEMI.
>>
>> ср, 18 нояб. 2020 г. в 11:32, Ahmed Marsou
>> <amarsou1988 at gmail.com <mailto:amarsou1988 at gmail.com>>:
>>
>> Hi;
>> I want to remove all plain text usernames an
>> passwords from kamailio.cfg file. Like
>> modparam("auth_db", "db_url",
>> "dbdriver://username:password@dbhost/dbname")
>> or this
>> modparam("sqlops","sqlcon","ca=>dbdriver://username:password@dbhost/dbname")
>> Can you help me with some ideas of how can I handle that?
>> Thank you.
>> _______________________________________________
>> Kamailio (SER) - Users Mailing List
>> sr-users at lists.kamailio.org
>> <mailto:sr-users at lists.kamailio.org>
>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>> <https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users>
>>
>>
>>
>> --
>> Alexandru Covalschi
>> VoIP engineer and system administrator
>> tel: +37367398493
>>
>>
>>
>> --
>> Alexandru Covalschi
>> VoIP engineer and system administrator
>> tel: +37367398493
>>
>> _______________________________________________
>> Kamailio (SER) - Users Mailing List
>> sr-users at lists.kamailio.org <mailto:sr-users at lists.kamailio.org>
>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>> <https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users>
>>
>> --
>> Regards,
>>
>> David Villasmil
>> email: david.villasmil.work at gmail.com
>> <mailto:david.villasmil.work at gmail.com>
>> phone: +34669448337
>>
>> _______________________________________________
>> Kamailio (SER) - Users Mailing List
>> sr-users at lists.kamailio.org
>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
> --
> Daniel-Constantin Mierla -- www.asipto.com
> www.twitter.com/miconda -- www.linkedin.com/in/miconda
> Funding: https://www.paypal.me/dcmierla
--
Daniel-Constantin Mierla -- www.asipto.com
www.twitter.com/miconda -- www.linkedin.com/in/miconda
Funding: https://www.paypal.me/dcmierla
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20201118/fad417b4/attachment.htm>
More information about the sr-users
mailing list