[asterisk-users] Regarding caller ID and security

Tue, 09 Oct 2012 14:40:15 -0700 

Hi all,

I am new to Asterisk, and would like to begin by saying that it is an 
absolutely fantastic system. Seems incredibly stable, well tested, and easy to 
use.

Now, to my question. I am making a mix between a personal ads and a voicemail 
service, where I want each user to be able to submit an ad that others can 
respond to by recording messages that go into this users inbox. My original 
thought was to base this purely on the CALLERID(num) value, but quickly 
discovered that this is a bit unreliable. Sometimes when I would call in it'd 
say anonymous, other times it would give me a bunch of zero's, other times it 
would show me my real phone number, and once it actually gave me just random 
digits. I do have a wait call after answering but before my first soundf ile is 
triggered, in my pickup context. I am wondering what the best way to approach 
this is? Do I ask the user to enter their phone number, and then generate a 
code based upon this that will then serve as a password when you call back? Do 
I attempt to use CALLERID(num) to detect returning users, or is this not 
adviseable from a security perspective?

Preferably, I would like to avoid using a code altogether but I am told that it 
is relatively easy to spoof phone numbers to hack into someone else's inbox. 
Note that I do not plan to allow direct SIP calls, only through a PSTN/SIP 
provider where the IP address is on a whitelist. Any tips on how to approach 
this would be highly appreciated. Basically I want to make it as easy as 
possible for my users, but maintain high security.

Thanks in advance for any help, and thanks once again to the developers of 
Asterisk for making such an excellent tool!

Kind regards,

Philip Bennefall

P.S. I also wanted to know whether there is a function to check if a string 
contains only digits? This would be useful as a sanity check before I look up 
the phone number in the MySql database, if I do decide to use CALLERID(num) in 
this way.
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
               http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Reply via email to