Hi Andy,
But we can still hijack someone who is registered right?
On Thu, 2 Dec 2004, Andreas Granig wrote:
kcassidy(a)kakelma.mine.nu wrote:
This only checks the REGISTER method. I think
we need something to
check the URI in the INVITE method whether it's fake or not. Just my 2
cents.
if(method == "INVITE" && proxy_authorize(...))
{
if(!check_from())
{
# from-user != authorized user
}
# proceed as usual here...
}
should do it.
Andy