Callback FAQ: Difference between revisions
(Created page with "===Q. What are the prerequisites for using the callback script?=== There are no additional prerequisites beyond those needed for Asterisk and FreePBX. If you use the CALLBACK...") |
No edit summary |
||
| Line 5: | Line 5: | ||
===Q. Are there security implications in using the callback script?=== | ===Q. Are there security implications in using the callback script?=== | ||
The use of callback potentially opens up functions of your system which are normally reserved to internal users, it is important to thoroughly test your callback configuration. | |||
The CALLBACK_ALLOWED configuration can help to increase security by restricting the numbers which will be called back. | |||
If you use the MySQL database to store allowed callback numbers then you open callback up to whoever is able to write into the sql table you are using. You should test the query thoroughly to ensure that it does not return rows in the case of unknown numbers or unauthorized numbers. | |||
The use of the CALLBACK_ALLOWED parameter is only secure if the callerid you receive comes from a trusted source. If your provider that does not guard against spoofing of callerids on incoming calls then CALLBACK_ALLOWED will not protect you fully. | |||
As a further precaution, where the callback destination is DISA, consider using a further level of protection via a PIN code which can be set up in FreePBX GUI. | |||
===When reporting a problem what information should I provide?=== | |||
Please see [[Callback Support|here]] | |||
Revision as of 16:07, 13 June 2016
Q. What are the prerequisites for using the callback script?
There are no additional prerequisites beyond those needed for Asterisk and FreePBX. If you use the CALLBACK_ALLOWED configuration to point to a database, then that will introduce additional requirements (the database availability) for call processing.
Q. Are there security implications in using the callback script?
The use of callback potentially opens up functions of your system which are normally reserved to internal users, it is important to thoroughly test your callback configuration.
The CALLBACK_ALLOWED configuration can help to increase security by restricting the numbers which will be called back.
If you use the MySQL database to store allowed callback numbers then you open callback up to whoever is able to write into the sql table you are using. You should test the query thoroughly to ensure that it does not return rows in the case of unknown numbers or unauthorized numbers.
The use of the CALLBACK_ALLOWED parameter is only secure if the callerid you receive comes from a trusted source. If your provider that does not guard against spoofing of callerids on incoming calls then CALLBACK_ALLOWED will not protect you fully.
As a further precaution, where the callback destination is DISA, consider using a further level of protection via a PIN code which can be set up in FreePBX GUI.
When reporting a problem what information should I provide?
Please see here