major security risk

Comment on Asterisk tips managing CID names
gsupp
Joined: Wed 08 of Jun, 2005

major security risk

Posted:Wed 10 of Aug, 2005 (07:35 UTC)
Please bear in mind adding the line to /etc/sudoers the author suggests is a major security risk. You're giving anyone with the ability to run a php script full access to your Asterisk server. I would recommend using this line instead, which restricts access to database functions only:

apache ALL = NOPASSWD: /usr/sbin/asterisk -rx database *