Hi all,
I am new to Asterisk, and would like to begin by saying that it is an
absolutely fantastic system. Seems incredibly stable, well tested, and easy to
use.
Now, to my question. I am making a mix between a personal ads and a voicemail
service, where I want each user to be able to submit an ad that others can
respond to by recording messages that go into this users inbox. My original
thought was to base this purely on the CALLERID(num) value, but quickly
discovered that this is a bit unreliable. Sometimes when I would call in it'd
say anonymous, other times it would give me a bunch of zero's, other times it
would show me my real phone number, and once it actually gave me just random
digits. I do have a wait call after answering but before my first soundf ile is
triggered, in my pickup context. I am wondering what the best way to approach
this is? Do I ask the user to enter their phone number, and then generate a
code based upon this that will then serve as a password when you call back? Do
I attempt to use CALLERID(num) to detect returning users, or is this not
adviseable from a security perspective?
Preferably, I would like to avoid using a code altogether but I am told that it
is relatively easy to spoof phone numbers to hack into someone else's inbox.
Note that I do not plan to allow direct SIP calls, only through a PSTN/SIP
provider where the IP address is on a whitelist. Any tips on how to approach
this would be highly appreciated. Basically I want to make it as easy as
possible for my users, but maintain high security.
Thanks in advance for any help, and thanks once again to the developers of
Asterisk for making such an excellent tool!
Kind regards,
Philip Bennefall
P.S. I also wanted to know whether there is a function to check if a string
contains only digits? This would be useful as a sanity check before I look up
the phone number in the MySql database, if I do decide to use CALLERID(num) in
this way.
--
_____________________________________________________________________
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
http://www.asterisk.org/hello
asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
http://lists.digium.com/mailman/listinfo/asterisk-users