[SR-Users] Presence of plain text username and password in kamailio.cfg

Ahmed Marsou amarsou1988 at gmail.com
Wed Nov 18 20:34:54 CET 2020


Yes, Im agree that anyhow it will be on local, but only root user have the
right to read this file.
So how can I change the permission of my.cnf file to be able to read it
from kamailio only when I start or reboot?
Thank you.

El mié., 18 nov. 2020 17:18, Daniel-Constantin Mierla <miconda at gmail.com>
escribió:

>
> On 18.11.20 16:45, Daniel-Constantin Mierla wrote:
>
> One alternative is to pass user/password via environment variables and
> then use #!substdef in configuration file, with the replacement using the
> corresponding $env(...) variables.
>
> If the goal is protecting the configuration file content in long term
> against being read in the future, two other options:
>
>   - remove kamailio.cfg after starting kamailio, it is not needed at
> runtime
>
>
> Obviously, instead of removing, the permissions kamailio.cfg can be
> changed after starting kamailio -- adding this after seeing in another
> message being mentioned the option with mysql my.cfg, user/password is in a
> local file anyhow.
>
> Cheers,
> Daniel
>
>   - encrypt kamailio.cfg and pipe its decrypted content to kamailio at
> startup, like:
>
> decryptapp kamailio-encrypted.cfg | kamailio -f - ...
>
> Cheers,
> Daniel
> On 18.11.20 15:27, David Villasmil wrote:
>
> I just get the params from AWS Parameter Store and pass it to Kamailio on
> startup. Downsize is you can see them in “ps”.
>
> On Wed, 18 Nov 2020 at 12:40, Alexandru Covalschi <568691 at gmail.com>
> wrote:
>
>> Alternative way is to use unixodbc, but it just means you put the
>> password into another file.
>>
>> ср, 18 нояб. 2020 г. в 14:35, Alexandru Covalschi <568691 at gmail.com>:
>>
>>> Don't use databases. Create an API and use it to access the data you
>>> need. Won't work for every possible usage, but in general API-driven
>>> SIP-routing is very possible with Kamailio, especially with KEMI.
>>>
>>> ср, 18 нояб. 2020 г. в 11:32, Ahmed Marsou <amarsou1988 at gmail.com>:
>>>
>>>> Hi;
>>>> I want to remove all plain text usernames an passwords from
>>>> kamailio.cfg file. Like modparam("auth_db", "db_url", "dbdriver://
>>>> username:password at dbhost/dbname")
>>>> or this  modparam("sqlops","sqlcon","ca=>dbdriver://username:password
>>>> @dbhost/dbname")
>>>> Can you help me with some ideas of how can I handle that?
>>>> Thank you.
>>>> _______________________________________________
>>>> Kamailio (SER) - Users Mailing List
>>>> sr-users at lists.kamailio.org
>>>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>>
>>>
>>>
>>> --
>>> Alexandru Covalschi
>>> VoIP engineer and system administrator
>>> tel: +37367398493
>>>
>>>
>>
>> --
>> Alexandru Covalschi
>> VoIP engineer and system administrator
>> tel: +37367398493
>>
>> _______________________________________________
>> Kamailio (SER) - Users Mailing List
>> sr-users at lists.kamailio.org
>> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>
> --
> Regards,
>
> David Villasmil
> email: david.villasmil.work at gmail.com
> phone: +34669448337
>
> _______________________________________________
> Kamailio (SER) - Users Mailing Listsr-users at lists.kamailio.orghttps://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
> --
> Daniel-Constantin Mierla -- www.asipto.comwww.twitter.com/miconda -- www.linkedin.com/in/miconda
> Funding: https://www.paypal.me/dcmierla
>
> --
> Daniel-Constantin Mierla -- www.asipto.comwww.twitter.com/miconda -- www.linkedin.com/in/miconda
> Funding: https://www.paypal.me/dcmierla
>
> _______________________________________________
> Kamailio (SER) - Users Mailing List
> sr-users at lists.kamailio.org
> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20201118/c60d5ceb/attachment.htm>


More information about the sr-users mailing list