24 Mar
2012
24 Mar
'12
12:34 a.m.
Clearly, you can only authenticate sequential requests corresponding to calls whose
initial requests were subject to authentication. If the initial request was not
authenticated, there is no reason to believe that the endpoint would support
authentication of sequential requests.
As to whether you should do this, that is a controversial matter. I suppose that the
security-maximising approach would be to challenge all requests, but it invites problems
with many endpoints.
--
Alex Balashov - Principal
Evariste Systems LLC
235 E Ponce de Leon Ave
Suite 106
Atlanta, GA 30030
Tel: +1-678-954-0671
Web: http://www.evaristesys.com/, http://www.alexbalashov.com
David <kamailio.org(a)spam.lublink.net> wrote:
Hello,
Should I be requiring users to authenticate before letting
them into loose_route(); ? What about anonymous calls from E164, how do
I authenticate these calls after they have started?
Thanks,
David
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users(a)lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users