Nobody is able to answer me? Is it impossible to ensure security with ser or openser? Do I have to modify www_authorize()?
Regards, Paul
-----Message d'origine----- De : serusers-bounces@lists.iptel.org [mailto:serusers-bounces@lists.iptel.org] De la part de Paul PREVOT Envoyé : mardi 4 juillet 2006 11:06 À : serusers@iptel.org Objet : [Serusers] DB logging issue
Hi all,
I am using the following code to log calls in DB:
modparam("acc ", "db_url", "mysql://openser:openserrw@localhost/openser") modparam("acc", "log_level", 1) #modparam("acc", "log_flag", 1) modparam("acc", "db_flag", 3)
... if (method=="INVITE") { if (!www_authorize("mydomain.org", "subscriber")) { www_challenge("mydomain.org", "0"); return; }; setflag(3); };
In the following situation:
Username : sip:tutu@mydomain.org Login : toto Pw : toto
This client would be able to handle the challenge as he has a valid login and pw, but openser will log tutu in DB as caller!!!!
In this situation I'd like either to log correctly in DB or to reject the call and ask user to setup his sip client properly.
Have you already experienced this issue? Do you have any idea how to fix it? How can I check if username is really equals to login used for authentication?
Regards, Paul
_______________________________________________ Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers