[OpenSIPS-Users] Presence Subscriptions from External Domains
Adrian Georgescu
ag at ag-projects.com
Thu Aug 26 12:46:49 CEST 2010
Hello,
I have a question maybe someone can help or comment.
How can one protect in the real world against faking the identity of presence subscriptions originating from foreign domains?
The scenario is:
Once userA at domainA accepts presence subscriptions from userB at domainB and his pre-rules is updated with this information, nobody stops somebody else to impersonate userB at domainB to send subscribe messages from any source and presenting the same From header.
How can the server that serves domainA check for the real identity of the foreign subscriber?
Can anyone comment what would be a good practical solution?
Regards,
Adrian
More information about the Users
mailing list