Re: [asterisk-users] dahdi-channels.conf for Digium TDM2400

2010-12-22 Thread Gerald A
Hi,

On Wed, Dec 22, 2010 at 9:49 AM, Alex Saavedra <
a...@masterline-logistics.com> wrote:

>
> I have noticed that our dahdi-channels.conf has some repeating directives,
> for instance for channel 2 (FXO) we have these settings:
>
> ;;; line="2 WCTDM/0/1 FXSKS"
> signalling=fxs_ks
> callerid=asreceived
> group=0
> context=from-pstn
> channel => 2
> callerid=
> group=
> context=default
>
>
> As you can see, a few directives are repeated (callerid, group, context).
> This was generated by DAHDI tools, and since it's working I didn't want to
> change it. Is it safe to remove them?
>

Short Answer: NO!!

Longer Answer: The settings all apply to channels, which are defined by the
"channel => 2" directive. If I'm remembering correctly, the channel is "set"
at the end of the stanza, not at the beginning. So, your blank callerid and
group would apply to your next channel directive (3?). Now, I remember
reading there is a way to flip the channel definition bit ("channel => XX")
to the top of the stanza, but can't recall. Now, if in between two channel
definitions you have repetition, it might be ok to trim things up, as long as
it has the right information -- the last setting is the effective one. And
the bit that starts ";;;" is a comment, which is actually ignored by asterisk.

Hope this helps,
Gerald.
--
_
-- Bandwidth and Colocation Provided by http://www.api-digital.com --
New to Asterisk? Join us for a live introductory webinar every Thurs:
   http://www.asterisk.org/hello

asterisk-users mailing list
To UNSUBSCRIBE or update options visit:
   http://lists.digium.com/mailman/listinfo/asterisk-users

Re: [asterisk-users] PHP can't insert - Can someone please help

2010-07-12 Thread Gerald A
Hi Bruce,

On Sat, Jul 10, 2010 at 2:17 PM, bruce bruce  wrote:

>
> I have my html/php file set so that the input field only takes 3 digit 3
> digit 4 digit (NPA, NXX, Block) so your proposal of: '201,0); drop
> database YOUR_DATABASE'; would fail due to big length and also I tested
> with inputting letters and my IF function caught it and exited.
>
> Furthermore, everything else (other than phone input fields) is drop down
> boxes with specific numbers or letters inserted in them. I should be 100%
> safe with those right?
>

Another moment of trepidation should be triggered when you use the words
"input field" as related to forms.

While most people will use an ordinary web browser and whatever fields you
provide, hackers aren't most people. Anyone wanting to break your site isn't
going to be nice and follow the nice rules and use the forms which might
have validation.

Even beginner not-nicers can put together a simple form with your POST as
their target and whatever field lengths and values they want.

You have to treat all input as hostile, since it all can be. It's the only
way you can be safe.

Thanks,
Gerald

Re: [asterisk-users] PHP can't insert - Can someone please help

2010-07-10 Thread Gerald A
Hi Bruce,

On Sat, Jul 10, 2010 at 11:12 AM, bruce bruce  wrote:

> Further to my last post, I added this to sanitize. I also created a new
> mysql user with access to only findmefollow portion of the asterisk table
> for limited access and assigned only two simultaneous connections with only
> 10 changes queries per hour (as I know that no more queries will be put
> through probably)
>
> if ($npaa>=200 && $nxxa>=200 && $npaa!=900 && $npaa!=911)
>
> Should that suffice against SQL injections? The if condition changes the
> string to number so it removes the chance of people adding
> other characters and it also sticks to format NPAN or 2XX2.
>

There are two things -- the first is, who calls this script? If it's
something you control 100%, you can mitigate the risk a bit. I don't really
like this tack, because if the script gets repurposed, you end up with
something that could be very dangerous.

The second thing is simple -- most people think small here, but you have to
think big and know a bit about how PHP works. PHP strings are pretty amazing
things, and one of the pesky things is that you can put all kinds of things
in it. Now, if that string variable is created as a result of a form input,
then that string can be anything. For a moment, think about if $npaa =
'201,0); drop database YOUR_DATABASE'; Now, that is pretty nasty, and it
would muck up further SQL injections, but now you get the idea. You should
always check to make sure the data you are getting is what you are
expecting, and exclude what you aren't.

So, are your tests sufficient? I can't remember off the top of my head if
the string -> integer only considers the first number, or it considers the
whole string. (PHP usually errs on the side of ease of use, so I think my
snippet above would still pass your test). If you're expecting only numbers,
I'd write a function that ensures that only numbers are parts of the input.
(And not just for the 3 above variables).
Really, you should never see $_POST("var") (or any PHP CGI variable) that
derives directly from user input.

It takes a few minutes extra, but it'll save hours of sorting later if you
get hit by a SQL injection.

Hope this helps,
Gerald
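
An added example (not code from the thread) for the two points made in these replies: a hand-built POST ignores field lengths and drop-downs, and a numeric comparison on a posted string does not validate the whole string. It puts the `if` test from the thread next to whole-string validation plus a bound-parameter insert; the POST field names, the `followme_numbers` table and the in-memory SQLite database are assumptions standing in for the real form and MySQL table.

```php
<?php
// Added example. POST field names, table and column names are hypothetical;
// SQLite in memory stands in for the MySQL database in the thread.

// Constructed hostile request: a hand-built POST is not bound by maxlength
// attributes or by the options offered in a drop-down.
$hostile = ['npaa' => '201,0); drop database YOUR_DATABASE',
            'nxxa' => '555', 'blocka' => '0123'];

// The range test from the thread. Comparing does not convert or clean the
// variable: whatever was posted is still in $npaa afterwards.
function loose_check(string $npaa, string $nxxa): bool {
    return $npaa >= 200 && $nxxa >= 200 && $npaa != 900 && $npaa != 911;
}

// Whole-string validation: every character must be a digit, lengths are
// fixed, and a non-string value (e.g. npaa[]=1) is rejected outright.
function validate_number(array $in): ?array {
    $npa   = $in['npaa']   ?? null;
    $nxx   = $in['nxxa']   ?? null;
    $block = $in['blocka'] ?? null;
    if (!is_string($npa) || !is_string($nxx) || !is_string($block)) return null;
    if (!preg_match('/\A[2-9][0-9]{2}\z/', $npa)) return null;   // 200-999
    if (!preg_match('/\A[2-9][0-9]{2}\z/', $nxx)) return null;   // 200-999
    if (!preg_match('/\A[0-9]{4}\z/', $block)) return null;
    if (in_array($npa, ['900', '911'], true)) return null;
    return [$npa, $nxx, $block];
}

// Validated values are still bound as parameters, never spliced into SQL.
function store_number(PDO $db, array $in): bool {
    $parts = validate_number($in);
    if ($parts === null) return false;
    $stmt = $db->prepare(
        'INSERT INTO followme_numbers (npa, nxx, block) VALUES (?, ?, ?)');
    return $stmt->execute($parts);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE followme_numbers (npa TEXT, nxx TEXT, block TEXT)');

$good = ['npaa' => '416', 'nxxa' => '555', 'blocka' => '0123'];
var_dump(loose_check($hostile['npaa'], $hostile['nxxa']));
var_dump(store_number($db, $hostile));
var_dump(store_number($db, $good));
var_dump($db->query('SELECT COUNT(*) FROM followme_numbers')->fetchColumn());
```

The constructed payload satisfies the loose comparison under both PHP 7 and PHP 8 comparison rules, while `validate_number()` rejects it before any SQL is prepared.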

Re: [asterisk-users] Can't create audio conversation between softphones through Asterisk

2007-08-27 Thread Gerald A
Hi,

On 8/27/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>
>  Thanks very much for the help, I appreciate it.  Recently, one of my
> co-workers and I have altered the code to just register with the Asterisk
> server and place an audio call.  This gets rid of the subscription part of
> the application, so I do not get the "489 Bad Event" error anymore.  I
> believe the "488 Not Acceptable Here" error occurs when the invite is being
> sent.  After the sdp body and header information are created, they are sent
> as an invite for the audio call.  The problem seems to be some part of the
> invite that we are sending.  I have a hunch that it may have to do with the
> codecs that the Jain-phone chooses.  I will continue looking into this.
>

Glad to hear you were able to get some traction with the voice calling.

Is the presence bit something that is critical to your custom app? I'm going
to be fiddling with some soft phone stuff soon, so I am still planning on
taking a peek at Jain just for the heck of it.

Keep me updated on your progress, and if you need any assistance, give me a
shout.

Thanks,
Gerald.

Re: [asterisk-users] Can't create audio conversation between softphones through Asterisk

2007-08-27 Thread Gerald A
Hi,

On 8/27/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
>
>
> In the early stages of deciding how to try and develop this environment, I
> looked at all the protocols that could be used. SIP was chosen just because
> it seemed to me that it was the most widely used protocol. I believe IAX is
> a new protocol with a little less documentation and examples. The good thing
> about this Jain-sip-phone is that it saves a lot of time since many of the
> important classes are more or less written already. In short, my goal is to
> create a custom softphone GUI interface. I am using this Jain-sip-phone as
> an example, so that I could learn the SIP protocol/RTP transmission better.
>

The reason I asked is because IAX works better through firewalls and is
easier to troubleshoot. It's not as widely deployed as SIP, but it does work
around some major things that SIP makes harder.
I'm not sure of the quality or lineage of the JAIN application code, so
can't comment if it's a good jumping off point.

> I have not really started altering much of the code yet because I was trying
> to see if it would run as is, so I have not tried dialing the Jain clients
> without a subscription. I believe Asterisk does accept subscription
> requests, but for some reason it doesn't like this one. I will soon start to
> experiment with the source code.
>

Subscription is used for presence. It can be used in an IM type app, or to
"light up" a button on a phone when someone is busy.
It shouldn't be needed to exchange a call though, and if you can do it
without the subscription piece then it could help to pin down the issue you
are having. (It might be _just_ the subscribe that is having an issue).

I should have time later this afternoon to check your traces, and I'll try
and give Jain a kick.

Thanks,
Gerald.

Re: [asterisk-users] Re: Remote extensions not working on provider's wireless Internet connection

2007-05-14 Thread Gerald A

Hi Zeeshan,

On 5/13/07, Zeeshan Zakaria <[EMAIL PROTECTED]> wrote:


> I've solved this problem. It was very easy (only if I knew how to do it
> before). I changed the UDP ports, i.e.
>
> 1. In sip.conf, bindport=5070
> 2. In my IP Phone server settings, www.myserver.com:5070
>
> Now it seems to be working good and I hope there'll be no more problem
> with it.



Sorry for not replying earlier; I got your note late, and then when I woke
up had no Internet. Ah, the joys of Rogers.

I'm glad to hear you solved it -- my only concern would be if you now want
to connect "ordinary" 5060 looking phones. I will do a bit of research, I'm
sure Asterisk can bind to more than one port.

Thanks,
Gerald