[asterisk-users] Regarding caller ID and security
Philip Bennefall
philip at blastbay.com
Tue Oct 9 16:17:31 CDT 2012
Hi all,
I am new to Asterisk, and would like to begin by saying that it is an absolutely fantastic system. Seems incredibly stable, well tested, and easy to use.
Now, to my question. I am making a mix between a personal ads and a voicemail service, where I want each user to be able to submit an ad that others can respond to by recording messages that go into this users inbox. My original thought was to base this purely on the CALLERID(num) value, but quickly discovered that this is a bit unreliable. Sometimes when I would call in it'd say anonymous, other times it would give me a bunch of zero's, other times it would show me my real phone number, and once it actually gave me just random digits. I do have a wait call after answering but before my first soundf ile is triggered, in my pickup context. I am wondering what the best way to approach this is? Do I ask the user to enter their phone number, and then generate a code based upon this that will then serve as a password when you call back? Do I attempt to use CALLERID(num) to detect returning users, or is this not adviseable from a security perspective?
Preferably, I would like to avoid using a code altogether but I am told that it is relatively easy to spoof phone numbers to hack into someone else's inbox. Note that I do not plan to allow direct SIP calls, only through a PSTN/SIP provider where the IP address is on a whitelist. Any tips on how to approach this would be highly appreciated. Basically I want to make it as easy as possible for my users, but maintain high security.
Thanks in advance for any help, and thanks once again to the developers of Asterisk for making such an excellent tool!
Kind regards,
Philip Bennefall
P.S. I also wanted to know whether there is a function to check if a string contains only digits? This would be useful as a sanity check before I look up the phone number in the MySql database, if I do decide to use CALLERID(num) in this way.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-users/attachments/20121009/0c43789a/attachment.htm>
More information about the asterisk-users
mailing list