[OpenSER-Users] Multidomain and in-dialog REFER auth issue
Iñaki Baz Castillo
ibc at in.ilimit.es
Mon Oct 15 11:37:11 CEST 2007
El Monday 15 October 2007 10:13:22 Iñaki Baz Castillo escribió:
> El Monday 15 October 2007 09:58:36 Iñaki Baz Castillo escribió:
> > How can my OpenSer know which domain this REFER goes? of course the "To"
> > header is not valid at all.
> >
> > Could be a solution a SQL query to "location" table looking for the URI
> > (sip:userB at 80.98.123.23:5060) and getting the username and domain of
> > this?
>
> Anyway this solution wouldn't be secure since userA at domainA.com could hack
> its "From" header in the REFER and appears as "@domainB.com".
Ops, there is no this issue since the "From" is checked against the auth
username in "check_from()".
Then the only I need is to store dialog original URI domain.
--
Iñaki Baz Castillo
ibc at in.ilimit.es
More information about the Users
mailing list