[Serusers] hijack another account
kcassidy at kakelma.mine.nu
kcassidy at kakelma.mine.nu
Thu Dec 2 15:27:38 CET 2004
Hi Andy,
But we can still hijack someone who is registered right?
On Thu, 2 Dec 2004, Andreas Granig wrote:
> kcassidy at kakelma.mine.nu wrote:
> > This only checks the REGISTER method. I think we need something to
> > check the URI in the INVITE method whether it's fake or not. Just my 2
> > cents.
>
> if(method == "INVITE" && proxy_authorize(...))
> {
> if(!check_from())
> {
> # from-user != authorized user
> }
> # proceed as usual here...
> }
>
> should do it.
>
> Andy
>
More information about the sr-users
mailing list