[Serusers] Proxy_authorize, www_authorize
Jiri Kuthan
jiri at iptel.org
Tue Jan 14 11:44:59 CET 2003
At 03:55 AM 1/11/2003, Greg Fausak wrote:
>What is the difference between these two functions?
Primarily an esthetic one. www_ should be used from user agents
(such as registrar). proxy_ from proxies. nothing bad happens
imho if use always use proxy_
>Also, when it comes to authentication, I've finally
>got my PSTN secure. It seems that every request
>that you want guarded must be preceeded by a
>www_authorize(), right? When I ngrep for the
>packets going back and forth, I see that each INVITE is
>now being authorized....not just the REGISTERs.
>
>I was assuming that you logged in and were authorized once, and
>then each request was under that login. However, I see that
>isn't the case, right??? You *can* make a INVITE request
>without REGISTERing...right?
Yes -- there is nothing what a phone would prevent from doing so.
Each request deserves its own security.
There may still be cases in which you do not wish to insist
on authentication: calls from other domains (like "your company's
new customer is contacting you first time and has of course
no password) or from devices without digest support (like Cisco
gateways, in which case you are left to checking request's
IP address).
-Jiri
More information about the sr-users
mailing list