The problem, as you well know, is that not having the check allows a user A to impersonate
the identity of any other user B, as long as user A has his own valid credentials for
himself.
--
This message was painstakingly thumbed out on my mobile, so apologies for brevity, errors,
and general sloppiness.
Alex Balashov - Principal
Evariste Systems LLC
260 Peachtree Street NW
Suite 2200
Atlanta, GA 30303
Tel: +1-678-954-0670
Fax: +1-404-961-1892
Web: http://www.evaristesys.com/
On Nov 14, 2011, at 9:00 PM, Juha Heinanen <jh(a)tutpro.com> wrote:
Daniel-Constantin Mierla writes:
auth: added new error code to auth API
- AUTH_USER_MISMATCH = -8 -- to be returned when auth user mismatch
from/to header user
daniel,
is this addition backwards compatible with current auth_db, i.e., is the
check on by default?
i don't like it to be on by default, since in very common use cases,
from/to uri userpart does not match authentication username. for
example, from/to userpart could be an e.164 number +something, when auth
username could be a name.
-- juha
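The two positions in this thread, as an added example that is not part of the original messages and is not Kamailio code: a strict comparison of the auth username against the From/To user part, next to a lookup that also accepts identities listed for that credential (the E.164 case). Only the value `AUTH_USER_MISMATCH = -8` comes from the commit message; `AUTH_OK`, `check_auth_user`, `uri_user`, the `allowed` table and all sample values are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define AUTH_OK             1   /* assumed success value for this sketch */
#define AUTH_USER_MISMATCH -8   /* value given in the commit message */

/* Constructed table: identities each credential may assert in From/To. */
struct identity { const char *auth_user; const char *uri_user; };
static const struct identity allowed[] = {
    { "alice", "alice" },
    { "alice", "+14045550100" },  /* name credential, E.164 identity */
    { "bob",   "bob" },
};

/* Copy the user part of the first "sip:user@host" in hdr (simplified). */
static int uri_user(const char *hdr, char *out, size_t outlen)
{
    const char *p = strstr(hdr, "sip:");
    size_t n;
    if (p == NULL) return -1;
    p += 4;
    n = strcspn(p, "@>");
    /* No '@' before '>' means the URI has no user part: fail closed. */
    if (p[n] != '@' || n == 0 || n >= outlen) return -1;
    memcpy(out, p, n);
    out[n] = '\0';
    return 0;
}

/* strict != 0: header user must equal the auth username.
 * strict == 0: header user must be listed for that credential. */
int check_auth_user(const char *auth_user, const char *hdr, int strict)
{
    char user[64];
    size_t i;
    if (uri_user(hdr, user, sizeof user) != 0) return AUTH_USER_MISMATCH;
    if (strict)
        return strcmp(auth_user, user) == 0 ? AUTH_OK : AUTH_USER_MISMATCH;
    for (i = 0; i < sizeof allowed / sizeof allowed[0]; i++)
        if (strcmp(allowed[i].auth_user, auth_user) == 0 &&
            strcmp(allowed[i].uri_user, user) == 0)
            return AUTH_OK;
    return AUTH_USER_MISMATCH;
}

int main(void)
{
    const char *from = "<sip:+14045550100@example.com>;tag=1"; /* constructed */
    printf("strict=%d mapped=%d\n", check_auth_user("alice", from, 1),
           check_auth_user("alice", from, 0));
    return 0;
}
```

With the lookup, an authenticated "alice" still cannot place "bob" in From, while her own E.164 identity passes.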