Hi Java,
This only checks the REGISTER method. I think we need something to check the URI in the INVITE method whether it's fake or not. Just my 2 cents.
P.S. I'm not a SIP expert :)
On Thu, 2 Dec 2004, Java Rockx wrote:
I think you can use something like this to make sure digest credentials are valid.
if (method=="REGISTER") {
if (!www_authorize("", "subscriber")) {
www_challenge("", "0"); break;};
if (!check_to()) {
sl_send_reply("401", "Unauthorized"); break;};
save(); }
--- kcassidy@kakelma.mine.nu wrote:
Hi All,
I found an interesting problem. Set up is using xlite, SER 0.8.12 with digest authentication enabled. I just realized that after I get registered with account A. Then change the "username" (keep authorization user to A) in Xlite to someone's SIP account (B). I can make calls using B's credits while registration I'm using is still A's. Is there a way to fix this?
In xlite you have parameters:
Username: (use for actual call, pass on to GW (e.g. pstn) Authorization User: (use for registration) Password: (use for registration)
Serusers mailing list serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
__________________________________ Do you Yahoo!? All your favorites on one personal page Try My Yahoo! http://my.yahoo.com