14 Jan
2003
14 Jan
'03
12:44 p.m.
At 03:55 AM 1/11/2003, Greg Fausak wrote:
What is the difference between these two functions?
Primarily an esthetic one. www_ should be used from user agents
(such as registrar). proxy_ from proxies. nothing bad happens
imho if use always use proxy_
Also, when it comes to authentication, I've
finally
got my PSTN secure. It seems that every request
that you want guarded must be preceeded by a
www_authorize(), right? When I ngrep for the
packets going back and forth, I see that each INVITE is
now being authorized....not just the REGISTERs.
I was assuming that you logged in and were authorized once, and
then each request was under that login. However, I see that
isn't the case, right??? You *can* make a INVITE request
without REGISTERing...right?
Yes -- there is nothing what a phone would prevent from doing so.
Each request deserves its own security.
There may still be cases in which you do not wish to insist
on authentication: calls from other domains (like "your company's
new customer is contacting you first time and has of course
no password) or from devices without digest support (like Cisco
gateways, in which case you are left to checking request's
IP address).
-Jiri