[Serusers] PSTN Routing script problems
Greg Fausak
greg at august.net
Tue Feb 10 17:39:37 CET 2004
Alessio Focardi wrote:
>
>>
>>
>> The is_user_in() call looks in the credentials for the user_id,
>> and that user_id is used for a lookup in the grp table for a grp
>> with a value of 'local', ie:
>>
>> select * from grp where user_id = 'user_id' and grp = 'local';
>>
>> The reason credentials are used is because the from can be trivially
>> forged.
>
>
> ok, is not safe, I know it .... but why is not working ?
is_user_in uses the Authorization: credentials, not the From:!!!
>
>> is_user_in(): No authorized credentials found (error in scripts)
>
>
> what script ?
The same script you have the is_user_in() call. Put www_authorize()
above is_user_in() as I described.
---greg
>
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
>
>
More information about the sr-users
mailing list