[Freeswitch-users] Freeswitch security and BLF

[Petarr Jones]

Hi

The following question is based on the fact that I am trying configure Freeswitch so that users can simply add an extension number in the BLF field of the phone but "user id" is alphanumeric.

I am making the assumption that having a "user id" of freeswitchuser1001 at example.com is better than 1001 since the fraudsters would automatically try extensions but are less likely to know a complicated username? Would that logic only hold true if I am using TLS?

If this is correct, and I use the "number-alias" to link the "user id" and user's extension, what would I have to use in the BLF field of the phone.

Also, in the documentation there is a warning about using "number-alias" with mod_xml_curl. When will this be an issue and should I consider a different approach?

(no sure if I can ask this last question here - should I be asking the Kamailio crowd)
I have considered using Kamailio to do the authentication and then re-write the SIP request to only include extension when it gets passed to Freeswitch but don't understand the BLF mechanism and how that would then work. Would it be better for Kamailio to manage the BLF functionality?

All help greatly appreciated.
Petarr



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20190817/5f9e0ff6/attachment-0001.html>