At 03:55 AM 1/11/2003, Greg Fausak wrote:
What is the difference between these two functions?
Primarily an esthetic one. www_ should be used from user agents (such as registrar). proxy_ from proxies. nothing bad happens imho if use always use proxy_
Also, when it comes to authentication, I've finally got my PSTN secure. It seems that every request that you want guarded must be preceeded by a www_authorize(), right? When I ngrep for the packets going back and forth, I see that each INVITE is now being authorized....not just the REGISTERs.
I was assuming that you logged in and were authorized once, and then each request was under that login. However, I see that isn't the case, right??? You *can* make a INVITE request without REGISTERing...right?
Yes -- there is nothing what a phone would prevent from doing so. Each request deserves its own security.
There may still be cases in which you do not wish to insist on authentication: calls from other domains (like "your company's new customer is contacting you first time and has of course no password) or from devices without digest support (like Cisco gateways, in which case you are left to checking request's IP address).
-Jiri