Re: [SR-Users] Grab users password from WWW-Auth header

Well, reopening that thread seaking for some help again :( The solution is working pretty nice, and my config looks like that # authenticate requests if has_credentials("****"){ $var(y) = @msg.header.Authorization; xlog("$var(y)"); exec_avp("/etc/kamailio/login.py '$var(y)' '$rm'", "$avp(s:test)"); xlog("$avp(s:test)"); } if ($avp(s:test) != "1") { www_challenge(****", "1"); exit; } login.py returns 1 if creds are OK and 0 if no. Now I'm seeking help with such question - as I understand, currently anyone can register or auth his requests by using same Authorization header for all purposes. So, I mean, someone can grab Auth header from the user's packet and just use it to dig in the server. How to avoid that? As I understood it's implemented in Kamailio. Can you please tell me? Or give a link to RFC/doc where this is described? As I understood, I'll need to implement that in my script, or maybe I can use some built-it functions? 2015-11-13 19:52 GMT+02:00 Alexandru Covalschi <568691(a)gmail.com>om>: -- Alexandru Covalschi ABRISS-Solutions VoIP engineer and system administrator phone: +37367398493 web: http://abs-telecom.com/