[Asterisk-Users] addon_mysql_cdr allows fraud by sip or iax users

Roger Schreiter roger at planinternet.de
Wed Nov 3 10:52:14 MST 2004


Hi,

it wasn't a fraud, just a coding error, by one of our customers:
There were binary data in the caller id passed by SIP,
obviously including an apostrophe.

addon_mysql_cdr seems not to mask those binary data or
apostrophes (') and therefore the mysql insert command
failed.

That's good for the customer, because he won't be billed
for that call.

Now I wonder, if one could also find a special string
as caller id, which would disturb the ordinary
cdr on file, maybe one could include a newline (\n)?


Are there any solutions to avoid cdr manipulations
by users, who prepare special caller id strings?


Roger.



