<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content="text/html; charset=iso-8859-1" http-equiv=Content-Type>
<META name=GENERATOR content="MSHTML 8.00.6001.23415">
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT size=2 face=Arial>Hi all,</FONT></DIV>
<DIV><FONT size=2 face=Arial></FONT> </DIV>
<DIV><FONT size=2 face=Arial>I am new to Asterisk, and would like to begin by
saying that it is an absolutely fantastic system. Seems incredibly stable, well
tested, and easy to use.</FONT></DIV>
<DIV><FONT size=2 face=Arial></FONT> </DIV>
<DIV><FONT size=2 face=Arial>Now, to my question. I am making a mix between a
personal ads and a voicemail service, where I want each user to be able to
submit an ad that others can respond to by recording messages that go into this
users inbox. My original thought was to base this purely on the CALLERID(num)
value, but quickly discovered that this is a bit unreliable. Sometimes when I
would call in it'd say anonymous, other times it would give me a bunch of
zero's, other times it would show me my real phone number, and once it actually
gave me just random digits. I do have a wait call after answering but before my
first soundf ile is triggered, in my pickup context. I am wondering what the
best way to approach this is? Do I ask the user to enter their phone number, and
then generate a code based upon this that will then serve as a password when you
call back? Do I attempt to use CALLERID(num) to detect returning users, or is
this not adviseable from a security perspective?</FONT></DIV>
<DIV><FONT size=2 face=Arial></FONT> </DIV>
<DIV><FONT size=2 face=Arial>Preferably, I would like to avoid using a code
altogether but I am told that it is relatively easy to spoof phone numbers to
hack into someone else's inbox. Note that I do not plan to allow direct SIP
calls, only through a PSTN/SIP provider where the IP address is on a whitelist.
Any tips on how to approach this would be highly appreciated. Basically I want
to make it as easy as possible for my users, but maintain high
security.</FONT></DIV>
<DIV><FONT size=2 face=Arial></FONT> </DIV>
<DIV><FONT size=2 face=Arial>Thanks in advance for any help, and thanks once
again to the developers of Asterisk for making such an excellent
tool!</FONT></DIV>
<DIV><FONT size=2 face=Arial></FONT> </DIV>
<DIV><FONT size=2 face=Arial>Kind regards,</FONT></DIV>
<DIV><FONT size=2 face=Arial></FONT> </DIV>
<DIV><FONT size=2 face=Arial>Philip Bennefall</FONT></DIV>
<DIV><FONT size=2 face=Arial></FONT> </DIV>
<DIV><FONT size=2 face=Arial>P.S. I also wanted to know whether there is a
function to check if a string contains only digits? This would be useful as a
sanity check before I look up the phone number in the MySql database, if I do
decide to use CALLERID(num) in this way.</FONT></DIV></BODY></HTML>