[Kamailio-Devel] [ openser-Feature Requests-2726791 ] check r-r header of reply
SourceForge.net
noreply at sourceforge.net
Thu Apr 2 15:33:29 CEST 2009
Feature Requests item #2726791, was opened at 2009-04-02 16:33
Message generated for change (Tracker Item Submitted) made by juhe
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=743023&aid=2726791&group_id=139143
Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Private: No
Submitted By: Juha Heinanen (juhe)
Assigned to: Nobody/Anonymous (nobody)
Summary: check r-r header of reply
Initial Comment:
for security reasons, it should be possible to make kamailio to check, if r-r uris of reply match those of request. if check is not done, uac is vulnerable to proxy by-pass attack and nasty things may happen.
i prefer an implemenation, where the check is done automatically if a flag is set when request is sent. if check fails, positive reply need to be turned into a negative one.
-- juha
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=743023&aid=2726791&group_id=139143
More information about the Devel
mailing list