asterisk users - Aug 2016 - Removing mailbox and password prompt for voicemail

>
> But did you understand every line and what it was doing?
>
They are quite self-explanatory, so of-course I understand them.

> Too much information missing.  Perhaps instead of asking how to
> implement the solution that you have already decided on you should
> instead tell us what problem you are trying to solve.  Are you really
> trying to make your voicemail available to anyone who calls you or are
> you limiting it to just the registered phone?  How are you accessing VM

I am using ODBC realtime storage with Asterisk. Currently, with no password
set, a user can dial the voicemail number to retrieve their own voicemail,
without needing to enter a password (without hearing the password prompt).
However, there is still a 'mailbox' prompt played, and if a different
mailbox number is entered after this prompt, then a password can be entered
(if set) which intrudes into the other person's mailbox. I want to remove
this 'mailbox' prompt so that users won't have this opportunity to
access
another person's mailbox.

That's exactly what I mean.  That's why you need to password
protect
> it.

I am yet to test this behaviour in Asterisk during the Unavailable/Busy
message. However, if this is the case, then this seems to be an illogical
security hole in Asterisk's design. Why does Asterisk allow accessing
another person's mailbox by pressing the '*' key, while listening to
*the
other person's* unavailable message?

Nabeel
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.digium.com/pipermail/asterisk-users/attachments/20160801/e037172e/attachment.html>

On 01/08/16 09:08, Nabeel wrote:
> I am yet to test this behaviour in Asterisk during the 
> Unavailable/Busy message. However, if this is the case, then this 
> seems to be an illogical security hole in Asterisk's design. Why does 
> Asterisk allow accessing another person's mailbox by pressing the
'*'
> key, while listening to /the other person's/ unavailable message?
>
So you can access your own voicemail remotely.

Steve
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.digium.com/pipermail/asterisk-users/attachments/20160801/87424572/attachment.html>

On Mon, 1 Aug 2016 09:08:36 +0100
Nabeel <nabeelshikder at gmail.com> wrote:
> I am using ODBC realtime storage with Asterisk. Currently, with no
> password set, a user can dial the voicemail number to retrieve their
From their own phone or from any phone?
> I am yet to test this behaviour in Asterisk during the
> Unavailable/Busy message. However, if this is the case, then this
> seems to be an illogical security hole in Asterisk's design. Why does
> Asterisk allow accessing another person's mailbox by pressing the
'*'
> key, while listening to *the other person's* unavailable message?
It's not for accessing another person's mailbox.  It's for accessing
your own when you are away from home/office.

-- 
D'Arcy J.M. Cain
System Administrator, Vex.Net
http://www.Vex.Net/ IM:darcy at Vex.Net
VoIP: sip:darcy at Vex.Net

>
> From their own phone or from any phone?
>
>From their own phone. If calling from any other phone, the only difference
- for entering the same mailbox - is to enter the mailbox number
immediately after the 'mailbox' prompt,


> It's not for accessing another person's mailbox.  It's for
accessing
> your own when you are away from home/office.

For my setup, the user only needs to access their mailbox from their
registered device, not from any other phone. This is why I am trying to
remove the 'mailbox' prompt altogether, because it is more efficient for
users to skip that step if possible.

Nabeel
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.digium.com/pipermail/asterisk-users/attachments/20160801/e2155d70/attachment.html>