Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
288
Views
0
Helpful
2
Replies

CiscoIPPhoneInput Param Encryption?

twchan001
Level 1
Level 1

‎05-20-2007 07:05 PM - edited ‎03-13-2019 04:08 PM

When a field is defined as password, will it be sent as plain texts or ciphertexts?

Any alternatives if it is sent as plain texts?

Thx ;)

Labels:
0 Helpful
2 Replies 2

stephan.steiner
Spotlight
Spotlight

‎05-21-2007 04:30 AM

It's sent as plaintext and as a query string parameter. I'm not aware of any other way - but I'm sure with the move to https, we'll see https support for phones sooner rather than later - I guess the biggest challenge is certificates since you can't just accept a certificate on the phone as you'd do in a webbrowser.

In the meantime, I'd rely on separate VLANs and port authentication on the switch to ensure nobody hook in between the phone and the switch to get the traffic - and if you have untrustworthy individuals having access to the backbone of your network, you have a whole set of different problems that encryption of ip phone services won't cure.

0 Helpful

Sascha Monteiro
Level 6
Level 6
In response to stephan.steiner

‎05-21-2007 05:35 PM

:-) yes, and I think it should not be too hard on Java powered phones ;-)

with the proper coding, you don't have to accept or store a certificate for HTTPS connections.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents