Uploaded image for project: 'FreePBX'
  1. FreePBX
  2. FREEPBX-5970

Add basic security to PIN Sets module



    • Type: New Feature
    • Status: Closed
    • Priority: Blocker
    • Resolution: Duplicate
    • Affects Version/s: 2.10
    • Fix Version/s: None
    • Component/s: PIN Sets
    • Labels:
    • ToDo:


      Issues with the current behavior of the PIN Set module:

      1. The Pin Sets module allows the administrator to see the pins in clear text. This functionality is not acceptable in situations where privacy and system security are a big concern (almost everywhere?). The PBX administrator can be held responsible for pin use, as she has permanent access to this sensitive information.

      2. There is no mechanism to identify the person that a pin belongs to, due to the fact that Pin Sets are basically text files with only one element per line. When displaying call reports, the accountcode field displays the pin used; for medium-sized organizations where long distance communication is common but controlled for a considerable number of users, it is difficult to remember to whom a pin belongs, and the privacy issue of displaying the pins arises again. A simple text description would be enough.

      3. When having to setup multiple Pin Sets, sometimes you find that special users have usually the same pin in most of those Pin Sets. There is no mechanism to reuse a pin in different Pin Sets.

      Feature Request:

      Upgrade the Pin Sets module to provide:

      - Storage of ciphered PINs instead of clear text.

      - Hide the PINs from the PBX administrators.

      - A mechanism to link a user's name with its PINs. (Maybe allow users to manage their PINs through the User Portal???).

      - A mechanism to allow PIN reuse in different PIN Sets.

        Gliffy Diagrams


            Issue Links



                • Assignee:
                  abeato abeato
                • Votes:
                  0 Vote for this issue
                  0 Start watching this issue


                  • Created:


                    Error rendering 'slack.nextup.jira:nextup-jira-plus-status'. Please contact your Jira administrators.