Skip to first unread message
Rahmican Büyükyekdeli
Jul 23, 2018, 8:24:58 AM7/23/18
to TURN Server (Open-Source project)
Hi,
I want to encrypt the password in mysql-userdb in the configuration file of the turn(turn/conf/turnserver.conf).
I tried this, but it did not work:
mysql_turn_password="$(/turn/bin/turnadmin -k -u ninefingers -r <realm> -p <password>)"
mysql-userdb="host=<host> dbname=<database-name> user=<database-user> password=mysql_turn_password port=<port> connect_timeout=<seconds>"
I want to encrypt the following marked place
mysql-userdb="host=<host-ip> dbname=<db-name> user=<username> password=<password> port=<port> connect_timeout=5"
This is a open text password. This seems to be a security vulnerable in the project we use in the company.
We have a project in the certification program so I need to fix this security vulnerability.
How can i do? Can you help me ?
Regards,
Rahmican BÜYÜKYEKDELİ
Rahmican BÜYÜKYEKDELİ
Mészáros Mihály
Jul 23, 2018, 8:57:11 AM7/23/18
to turn-server-project...@googlegroups.com
As I mentioned! This feature is not yet implemented. PR welcome!
If you use a very scoped and limited e.g. select only user to access the tables, then you could limit the scope of the vulnerability a lot.
My 2 cents,
Misi
--
You received this message because you are subscribed to the Google Groups "TURN Server (Open-Source project)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to turn-server-project-rfc57...@googlegroups.com.
To post to this group, send email to turn-server-project...@googlegroups.com.
Visit this group at https://groups.google.com/group/turn-server-project-rfc5766-turn-server.
For more options, visit https://groups.google.com/d/optout.
Reply all
Reply to author
Forward
0 new messages