2 Dec
2004
2 Dec
'04
4:39 p.m.
Hi Java,
This only checks the REGISTER method. I think we need something to
check the URI in the INVITE method whether it's fake or not. Just my 2
cents.
P.S. I'm not a SIP expert :)
On Thu, 2 Dec 2004, Java Rockx wrote:
I think you can use something like this to make sure
digest credentials are valid.
if (method=="REGISTER") {
if (!www_authorize("", "subscriber")) {
www_challenge("",
"0");
break;
};
if (!check_to()) {
sl_send_reply("401",
"Unauthorized");
break;
};
save();
}
--- kcassidy(a)kakelma.mine.nu wrote:
Hi All,
I found an interesting problem. Set up is using xlite, SER 0.8.12 with
digest authentication enabled. I just realized that after I get
registered with account A. Then change the "username" (keep authorization
user to A) in Xlite to someone's SIP account (B). I can make calls using
B's credits while registration I'm using is still A's. Is there a way to
fix this?
In xlite you have parameters:
Username: (use for actual call, pass on to GW (e.g. pstn)
Authorization User: (use for registration)
Password: (use for registration)
_______________________________________________
Serusers mailing list
serusers(a)lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
__________________________________
Do you Yahoo!?
All your favorites on one personal page Try My Yahoo!
http://my.yahoo.com