[Serusers] Check_from()

Jiri Kuthan jiri at iptel.org
Fri Oct 10 04:50:25 CEST 2003


At 04:36 AM 10/10/2003, Greg Fausak wrote:
>OK, so in the case of REGISTER I could
> do a check_to() and a check_from(), since they
> should all be equal.  In case of an INVITE, just a check_from(),
> right?

yes (I'm not sure check_from is necessary for REGISTER, but it can't
harm. The primary threat which you wish to avoid is "jiri" digest-wise
manipulating "greg"'s contacts through REGISTER's To. From does not
affect usrloc content.)

>This makes sense why you do a check_to() after the www_authorize(),
> otherwise you wouldn't have the digest credentials.

Indeed -- verify credentials first, apply policy to them then.

-jiri 
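
The ordering discussed in this message, as an added ser.cfg routing sketch that is not part of the original post or of the SER distribution. The realm "example.com", the "subscriber" table name, the reply texts and the use of proxy_authorize() for INVITE are assumptions, and the syntax is that of SER configurations of this period.

```cfg
# Added example. Assumes the sl, auth, auth_db, uri, registrar and usrloc
# modules are loaded and configured elsewhere in the file.

route {
    if (method == "REGISTER") {
        # 1. Verify the digest credentials first. Until this succeeds
        #    there is no authenticated username to compare against.
        if (!www_authorize("example.com", "subscriber")) {
            www_challenge("example.com", "0");
            break;
        };

        # 2. Apply policy to the verified credentials. The To header
        #    names the address-of-record whose contacts are changed,
        #    so it must belong to the authenticated user. Without this
        #    check "jiri" could authenticate as himself and rewrite
        #    "greg"'s contacts.
        if (!check_to()) {
            sl_send_reply("403", "Forbidden: To does not match credentials");
            break;
        };

        # From does not affect usrloc content, so check_from() is
        # optional here; it is harmless to add.
        save("location");
        break;
    };

    if (method == "INVITE") {
        # Same order for call setup: authenticate, then bind the
        # claimed caller identity (From) to the credentials.
        if (!proxy_authorize("example.com", "subscriber")) {
            proxy_challenge("example.com", "0");
            break;
        };
        if (!check_from()) {
            sl_send_reply("403", "Forbidden: From does not match credentials");
            break;
        };
    };

    # Further request routing would follow here.
}
```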



