[sr-dev] git:master: auth: added new error code to auth API
Alex Balashov
abalashov at evaristesys.com
Tue Nov 15 03:06:46 CET 2011
The problem, as you well know, is that not having the check allows a user A to impersonate the identity of any other user B, as long as user A has his own valid credentials for himself.
--
This message was painstakingly thumbed out on my mobile, so apologies for brevity, errors, and general sloppiness.
Alex Balashov - Principal
Evariste Systems LLC
260 Peachtree Street NW
Suite 2200
Atlanta, GA 30303
Tel: +1-678-954-0670
Fax: +1-404-961-1892
Web: http://www.evaristesys.com/
On Nov 14, 2011, at 9:00 PM, Juha Heinanen <jh at tutpro.com> wrote:
> Daniel-Constantin Mierla writes:
>
>> auth: added new error code to auth API
>>
>> - AUTH_USER_MISMATCH = -8 -- to be returned when auth user mismatch
>> from/to header user
>
> daniel,
>
> is this addition backwards compatible with current auth_db, i.e., is the
> check on by default?
>
> i don't like it to be on by default, since in very common use cases,
> from/to uri userpart does not match authentication username. for
> example, from/to userpart could be an e.164 number +something, when auth
> username could be a name.
>
> -- juha
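The check debated in this thread, sketched as an added Python example (not part of the original messages and not the auth module's code): after digest verification succeeds, the authenticated username is compared with the user part of the From URI, or the To URI for REGISTER. The `aliases` table, the `AUTH_OK` value, the function names and the sample headers are assumptions made for illustration; `aliases` covers the case raised above where the URI user is an E.164 number and the auth username is a name.

```python
import re

AUTH_USER_MISMATCH = -8   # error code named in the quoted commit message
AUTH_OK = 1               # assumed success value for this sketch


def uri_user(header_value):
    """User part of the first sip:/sips: URI in a From/To header value."""
    m = re.search(r"sips?:([^@;>\s]+)@", header_value, re.IGNORECASE)
    return m.group(1) if m else None


def digest_username(authorization):
    """username parameter of a Digest Authorization header value."""
    m = re.search(r'\busername="([^"]*)"', authorization)
    return m.group(1) if m else None


def check_identity(method, from_hdr, to_hdr, authorization, aliases=None):
    """Call only after the digest response itself has been verified.

    aliases (hypothetical) maps an auth username to the extra URI users
    that account may present, e.g. its E.164 numbers.
    """
    auth_user = digest_username(authorization)
    # Assumption: REGISTER binds the To URI, other requests claim the From URI.
    claimed = uri_user(to_hdr if method == "REGISTER" else from_hdr)
    if not auth_user or not claimed:
        return AUTH_USER_MISMATCH  # fail closed on unparsable input
    allowed = {auth_user} | set((aliases or {}).get(auth_user, ()))
    return AUTH_OK if claimed in allowed else AUTH_USER_MISMATCH


# Constructed sample values, not taken from the thread.
ALICE_AUTH = 'Digest username="alice", realm="example.com", nonce="n", response="r"'
JUHA_AUTH = 'Digest username="juha", realm="example.com", nonce="n", response="r"'
FROM_BOB = '"Bob" <sip:bob@example.com>;tag=1'
FROM_ALICE = '<sip:alice@example.com>;tag=2'
FROM_E164 = '<sip:+15550100123@example.com>;tag=3'
TO_ANY = '<sip:carol@example.com>'

if __name__ == "__main__":
    # User A with valid credentials claiming user B's identity is rejected.
    print(check_identity("INVITE", FROM_BOB, TO_ANY, ALICE_AUTH))
    print(check_identity("INVITE", FROM_ALICE, TO_ANY, ALICE_AUTH))
    # Name-based auth user with an E.164 From user needs an explicit mapping.
    print(check_identity("INVITE", FROM_E164, TO_ANY, JUHA_AUTH))
    print(check_identity("INVITE", FROM_E164, TO_ANY, JUHA_AUTH,
                         aliases={"juha": ["+15550100123"]}))
```
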