thr3ads.net - asterisk users - [Asterisk-Users] addon_mysql_cdr allows fraud by sip or iax users [Nov 2004]

If this information is useful, please help other people find it:
Share via:

Roger Schreiter

2004-Nov-03 10:52 UTC

[Asterisk-Users] addon_mysql_cdr allows fraud by sip or iax users

Hi,

it wasn't a fraud, just a coding error, by one of our customers:
There were binary data in the caller id passed by SIP,
obviously including an apostrophe.

addon_mysql_cdr seems not to mask those binary data or
apostrophes (') and therefore the mysql insert command
failed.

That's good for the customer, because he won't be billed
for that call.

Now I wonder, if one could also find a special string
as caller id, which would disturb the ordinary
cdr on file, maby one could inlcude a newline (\n)?


Are there any solutions to avoid cdr manipulations
by users, who prepare special caller id strings?


Roger.

Brancaleoni Matteo

2004-Nov-03 11:03 UTC

head link

[Asterisk-Users] addon_mysql_cdr allows fraud by sip or iax users

Hi,
> Are there any solutions to avoid cdr manipulations
> by users, who prepare special caller id strings?
set the callerid from asterisk. don't let others
to set it.

Matteo.

-- 
Brancaleoni Matteo <mbrancaleoni@espia.it>
Espia Srl

asterisk users - Nov 2004 - addon_mysql_cdr allows fraud by sip or iax users

[Asterisk-Users] addon_mysql_cdr allows fraud by sip or iax users

[Asterisk-Users] addon_mysql_cdr allows fraud by sip or iax users