Voxalot / SIP Broker Support Forums

Voxalot / SIP Broker Support Forums (https://forum.sipbroker.com/index.php)
-   Voxalot Support (https://forum.sipbroker.com/forumdisplay.php?f=4)
-   -   Import/Export bug (https://forum.sipbroker.com/showthread.php?t=2534)

loraolo 11-10-2007 11:36 AM
Import/Export bug
 
Hi Martin,

I tried to use the import/export feature and I found that if I want to register again a provider after import with replace function I need to reenter the authorization password associated with the VSP account, if not the provider will not be registered:

To repro this behaviour try the following:

* Export providers to a .csv file
* Import the same file with replace button
* Try to register a previous registered account

Regards
Paolo

martin 11-10-2007 11:38 AM
This is working as designed. For security reasons we don't not import / export passwords.

loraolo 11-10-2007 11:51 AM
Do you mean that if a password is already stored with a providers the replace function delete it?

I cannot think it woks as designed!

Paolo

craig 11-10-2007 08:35 PM
Quote:
Originally Posted by loraolo (Post 14019)
Do you mean that if a password is already stored with a providers the replace function delete it?

I cannot think it woks as designed!
Martin is correct... it is working as designed. However, you do raise a good point. If you import and replace everything, then it can become quite tedious if you have to re-enter all the passwords.

I am fairly sure that I can make a few changes to support keeping the old password if all the other details match. Watch this thread for more details.

--
Craig

affinity 11-11-2007 02:14 AM
I would prefer an option to actually export the password even if it isn't the default choice.

craig 11-12-2007 01:42 AM
Quote:
Originally Posted by affinity (Post 14038)
I would prefer an option to actually export the password even if it isn't the default choice.
That is also a good suggestion, but unfortunately there are a couple of technical challenges in developing it. For everyone's security, we store your providers' password using a one-way encryption algorithm in the database... so we aren't able to actually get the original password back to export it.

I was thinking that we could perhaps export the encrypted version of the password, but the problem is that when we go to import that value, our member save routine will try to encrypt that the value it is given (which is obviously incorrect in this specific scenario).

I will have a look at doing this, but it is an area where security is our number one concern, so if there is any risk I will probably err on the side of caution.

--
Craig

kurun 11-12-2007 03:06 AM
Perhaps one approach would be to allow the account holder a choice of whether to encrypt the pass words in the first place.
Obviously, if not encrypted the exported password should be the same as the initially entered password.

Although I am sure that Voxalot is totally above board when handling VSP account passwords, one has to be realistic and keep things in perspective. It is one thing to have an un-encrypted VoIP account password for a pre-paid account with $10 worth of calling credit. It is a totally different matter when handling the password for Bank online access, which I would never write down or expose to a third party.

I personally would prefer the passwords to be readily available for export from my Voxalot VSP list.

affinity 11-12-2007 07:40 AM
If the password is required to be sent to the VSP at the time of call setup, then the password should be able to be decrypted and returned to the user by request. Perhaps it would be better to email the export file as an attachment to the registered email address, rather than as a website download.


All times are GMT. The time now is 08:54 PM.

Powered by vBulletin® Version 3.7.2
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.