- February 26, 2020 at 1:13 pm
Is there a way from the GUI to add a basic auth username and password to the xepm-provision directory for phone provisioning. I manually added the entries in apache to get authentication to work but after using the GUI and saving changes it reverted what I had configured in CLI.
Having anonymous access to the cfg files for phones is a pretty big security issues as it has the username and password for each account in plaintext.
Any help or suggestions are greatly appreciated,
- February 26, 2020 at 4:43 pm
- February 26, 2020 at 4:59 pm
- February 27, 2020 at 12:25 pm
- February 27, 2020 at 3:39 pm
- February 28, 2020 at 2:58 pm
+1 from me also. I like the ability to control by tenant the provisioning username/pw. The ability to turn on or off the provisioner entirely. With this new auth protection have Fail2Ban monitor it.
I don’t think this should be a paid add-on. Security should always be a priority by default, and it is one of the primary reasons I’ve chosen VitalPBX to service at least some of my PBX needs.0
- March 2, 2020 at 5:50 pm
- March 2, 2020 at 7:53 pm
- March 2, 2020 at 8:06 pm
Jared BuschParticipantNice. Maybe this should be an official feature to allow admins to enable provisioning auth. Perhaps is it even possible to setup multiple credentials? that way you can revoke access for a single tenant.
- October 23, 2020 at 8:12 pm
Without this being built in as a standard security feature, any kind of EPM solution is dead on arrival.
I just stood up a 3.0 test instance to see how things have progressed and this is a huge deal breaker. Right next to not having any ability to add custom fields.0
- You must be logged in to reply to this topic.