4 Mar
2005
4 Mar
'05
1:03 p.m.
Hi,
I'm trying to setup SER to only allow UAs to register their "location"
MySQL entry as specified in the "subscriber" table. Currently an
authorized user can set an arbritrary value in the "location" table.
Whats to prevent 1 authorized user from stealing anothers location
entry? For instance:
user1 - REGISTER sip:user1.blah.internal
user2 - REGISTER sip:user1.blah.internal
Now user2 has hijacked user1's location.
Thanks
JD
4 Mar
4 Mar
1:18 p.m.
Jan,
This is the purpose of the check_to() function in the uri.so module. It
check that the URI matches the user. Put this just before you save the
location:
if ( ! check_to() ) {
sl_send_reply( "401", "Unauthorized" );
break;
};
Alistair Cunningham,
Integrics Ltd,
Telephony, Database, Unix consulting worldwide
+44 (0)7870 699 479
http://integrics.com/
Jan Louw wrote:
Hi,
I'm trying to setup SER to only allow UAs to register their "location"
MySQL entry as specified in the "subscriber" table. Currently an
authorized user can set an arbritrary value in the "location" table.
Whats to prevent 1 authorized user from stealing anothers location
entry? For instance:
user1 - REGISTER sip:user1.blah.internal
user2 - REGISTER sip:user1.blah.internal
Now user2 has hijacked user1's location.
Thanks
JD
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
7214
days inactive
7214
days old
1 comments
2 participants
participants (2)
-
Alistair Cunningham -
Jan Louw