Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

CiscoIPPhoneInput Param Encryption?

When a field is defined as password, will it be sent as plain texts or ciphertexts?

Any alternatives if it is sent as plain texts?

Thx ;)


Re: CiscoIPPhoneInput Param Encryption?

It's sent as plaintext and as a query string parameter. I'm not aware of any other way - but I'm sure with the move to https, we'll see https support for phones sooner rather than later - I guess the biggest challenge is certificates since you can't just accept a certificate on the phone as you'd do in a webbrowser.

In the meantime, I'd rely on separate VLANs and port authentication on the switch to ensure nobody hook in between the phone and the switch to get the traffic - and if you have untrustworthy individuals having access to the backbone of your network, you have a whole set of different problems that encryption of ip phone services won't cure.

Re: CiscoIPPhoneInput Param Encryption?

:-) yes, and I think it should not be too hard on Java powered phones ;-)

with the proper coding, you don't have to accept or store a certificate for HTTPS connections.

CreatePlease to create content