Summary: | ASTERISK-09164: Missing warning about unknown parameters in sip.conf => No warning about misspelled " | ||
Reporter: | Bjoern (nightcrawler) | Labels: | |
Date Opened: | 2007-04-01 10:17:36 | Date Closed: | 2007-07-09 21:20:43 |
Priority: | Major | Regression? | No |
Status: | Closed/Complete | Components: | Core/Configuration |
Versions: | Frequency of Occurrence | ||
Related Issues: | |||
Environment: | Attachments: | ||
Description: | I'm running Asterisk trunk on Fedora Core 6. I found out, that Asterisk does not warn about unknown parameters in sip.conf. This is even though I ran it with very high debug output and verbosity and I also turned on debug logging in logger.conf and sipdebug in sip.conf. Normally it wouldn't matter to me if I could insert anything into sip.conf and Asterisk will just read over it. The reason, I think a warning about unknown parameters would be necessary is: When I accidently mistype the parametername "secret", users are able to login without a password, which I regard as a security-risk. Ideas to resolve the problem: 1. A warning about unknown parameters in sip.conf (and other .conf-files, if not already implemented) 2. A parameter in the [general]-section of sip.conf (or in asterisk.conf for all "protocol".conf), which would not permit the creation of users without a secret (or even better, specifying a minimum password strength) would be a very useful feature. ****** ADDITIONAL INFORMATION ****** I also filed this as a question ([HELP] Unknown parameters in sip.conf) in the "Asterisk Support" Forum and was encouraged to file it as a bug. | ||
Comments: | By: Clod Patry (junky) 2007-04-01 12:42:40 Just use a template with a default password set? If you misspell something, your default password will be used, which solve that "security risk". By: Russell Bryant (russell) 2007-04-03 13:58:05 This issue has been resolved in 1.2, 1.4, and trunk in revisions 59916, 59936, and 59937. Thanks! By: Olle Johansson (oej) 2007-04-03 14:05:03 This can't be done for type=user since a type=friend has a lot of options that can't be handled by the user. Implementing error messages will cause a *lot* of warnings. By: Olle Johansson (oej) 2007-04-03 14:05:55 The feature request about "disable-without-secrets" sounds like a good thing to implement in future releases. It's added to my todo list. Thanks. |