On Sat, 2024-01-13 at 17:09 +0000, Tim Lewis via beginners wrote:
> You bring an excellent point about the ability to spoof the email address.
> In my case the email that for the server is not made public, but that is a
> vulnerability. I will have to read up on pwgen. That sounds like a good
> authentication that changes like a token number.

It may be the safest way; nobody else would have the passwords and for when someone tries to guess them, you can put a delay to slow them down once an invalid password has been received. If you increase the delay like exponentially for every wrong password received in a row, you "only" risk being disabled yourself until a long delay expires.

Pwgen is a nice program to generate passwords.

> Another approach could be secondary authentication where it sends
> something to my phone, and then waits for a text response from the
> phone before executing anything.

Are you able to send something to your phone without using xmpp?

You could have your asterisk call your phone so you can enter a number, and when it's the right number you entered, the processing of the particular email that triggered the call becomes allowed. You could even put the number you have to enter into the email, assuming that nobody who has the number can intercept the call. That way you wouldn't need to use a list of pre-defined passwords.

If you do that, perhaps you might as well call your asterisk yourself directly. Asterisk can verify the caller number and require you to enter a password (a fixed one, or one which you might have sent by email beforehand); after that, it can present you with a menu for the commands you want to get executed and execute them.

Asterisk and xmpp can be a rather powerful combination.
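
The increasing delay described in the reply above, combined with a list of one-time passwords, as an added Perl example that is not part of the original message. The sample passwords, the 2-second base delay, the one-hour cap and the name `check_password` are assumptions; state is kept in memory here, whereas a script started once per email would have to store it between runs.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample one-time passwords, standing in for a list made with pwgen.
my %unused = map { $_ => 1 } qw(aeT7ohph Ool3eiqu ieK9zeec);

my $BASE_DELAY   = 2;     # lockout in seconds after the first wrong password (assumed)
my $MAX_DELAY    = 3600;  # cap, so the owner is never shut out for longer (assumed)
my $failures     = 0;     # wrong passwords received in a row
my $locked_until = 0;     # time before which every attempt is refused

# check_password($candidate, $now) returns 'ok', 'bad' or 'locked'.
# $now is passed in so the logic can be exercised without sleeping.
sub check_password {
    my ($candidate, $now) = @_;

    # During a lockout nothing is examined, not even a correct password.
    return 'locked' if $now < $locked_until;

    # delete() returns the stored value only if the password was still unused,
    # so a valid password is consumed here and cannot be replayed.
    if (defined $candidate && delete $unused{$candidate}) {
        $failures = 0;    # a valid password ends the streak
        return 'ok';
    }

    # Double the lockout for every consecutive failure, up to the cap.
    $failures++;
    my $delay = $BASE_DELAY * 2 ** ($failures - 1);
    $delay = $MAX_DELAY if $delay > $MAX_DELAY;
    $locked_until = $now + $delay;
    return 'bad';
}

# Constructed attempts: [ seconds since start, password found in the email ].
my @attempts = (
    [ 0, 'guess1'   ],    # wrong guess
    [ 1, 'aeT7ohph' ],    # valid password, sent while the first lockout runs
    [ 3, 'guess2'   ],    # second wrong guess in a row
    [ 8, 'aeT7ohph' ],    # valid password, sent after the lockout has expired
    [ 9, 'aeT7ohph' ],    # the same password sent again
);
for my $try (@attempts) {
    my ($t, $pw) = @$try;
    printf "t=%2ds %-9s -> %s\n", $t, $pw, check_password($pw, $t);
}
```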