Version 0.1.9 from FTP

git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@353 65c4cc65-6c06-0410-ace0-fbb531ad65f3

SECURITY

@@ -0,0 +1,38 @@
+==== Security Notes with Asterisk ====
+
+PLEASE READ THE FOLLOWING IMPORTANT SECURITY RELATED INFORMATION.  
+IMPROPER CONFIGURATION OF ASTERISK COULD ALLOW UNAUTHORIZED USE OF YOUR
+FACILITIES, POTENTIALLY INCURRING SUBSTANTIAL CHARGES.
+
+First and foremost remember this:
+
+USE THE EXTENSION CONTEXTS TO ISOLATE OUTGOING OR TOLL SERVICES FROM ANY
+INCOMING CONNECTIONS.
+
+You should consider that if any channel, incoming line, etc can enter an
+extension context that it has the capability of accessing any extension
+within that context. 
+
+Therefore, you should NOT allow access to outgoing or toll services in
+contexts that are accessible (especially without a password) from incoming
+channels, be they IAX channels, FX or other trunks, or even untrusted
+stations within you network.  In particular, never ever put outgoing toll
+services in the "default" context.  To make things easier, you can include
+the "default" context within other private contexts by using:
+
+	include => default
+
+in the appropriate section.  A well designed PBX might look like this:
+
+[longdistance]
+exten => _91NXXNXXXXXX,1,Dial,Tor/g2/BYEXTENSION
+include => local
+
+[local]
+exten => _9NXXNXXX,1,Dial,Tor/g2/BYEXTENSION
+include => default
+
+[default]
+exten => 6123,Dial,Tor/1
+
+