2 Dec
2004
2 Dec
'04
2:27 p.m.
Hi Andy,
But we can still hijack someone who is registered right?
On Thu, 2 Dec 2004, Andreas Granig wrote:
kcassidy@kakelma.mine.nu wrote:
This only checks the REGISTER method. I think we need something to check the URI in the INVITE method whether it's fake or not. Just my 2 cents.
if(method == "INVITE" && proxy_authorize(...)) { if(!check_from()) { # from-user != authorized user } # proceed as usual here... }
should do it.
Andy