[Devel] case sensitiveness in permissions module
Bogdan-Andrei Iancu
bogdan at voice-system.ro
Thu Jan 11 12:25:40 CET 2007
Hi Klaus,
Klaus Darilion wrote:
> Bogdan-Andrei Iancu wrote:
>
>> Hi Klaus,
>>
>> depends on the purpose of the regexp - if they are to be used for
>> matching some case sensitive data, it this case REG_ICASE should not
>> be used. For example if you apply regexp on a SIP URI, the username
>> part may be case sensitive.......but not sure what the regexp is used
>> for ...
>
>
> really? does openser differ between klaus at domain and KLAUS at domain
> during save() and lookup()?
yes, it is a matter of configuration. See:
http://www.openser.org/docs/modules/1.2.x/registrar.html#AEN178
>
> I just checked: KLAUS at domain works fine too. It looks like the name is
> changed to lower case during save()
>
>> do you have any clue?
>
>
> My concern was if a user can bypass my permission screening by using
> capital letters. If the other parts of openser are not case sensitive,
> IMO the regexp should be case insensitive too (at least if not
> explicitly forced via a module parameter)
I agree, but do you found what information is checked via that regexps??
regards,
bogdan
>
> regards
> klaus
>
>>
>> regards,
>> Bogdan
>>
>> Klaus Darilion wrote:
>>
>>> Hi!
>>>
>>> I found that regcomp in permissions module does not always use the
>>> REG_ICASE flag. Thus is it necessary to write the regular expression
>>> in the allow/deny file with respect to case sensitiveness?
>>>
>>> regards
>>> klaus
>>>
>>>
>>
>
>
More information about the Devel
mailing list