[Serusers] Limiting REGISTER requests (newbie)
Alistair Cunningham
acunningham at integrics.com
Fri Mar 4 13:18:01 CET 2005
Jan,
This is the purpose of the check_to() function in the uri.so module. It
check that the URI matches the user. Put this just before you save the
location:
if ( ! check_to() ) {
sl_send_reply( "401", "Unauthorized" );
break;
};
Alistair Cunningham,
Integrics Ltd,
Telephony, Database, Unix consulting worldwide
+44 (0)7870 699 479
http://integrics.com/
Jan Louw wrote:
> Hi,
>
> I'm trying to setup SER to only allow UAs to register their "location"
> MySQL entry as specified in the "subscriber" table. Currently an
> authorized user can set an arbritrary value in the "location" table.
> Whats to prevent 1 authorized user from stealing anothers location
> entry? For instance:
>
> user1 - REGISTER sip:user1.blah.internal
> user2 - REGISTER sip:user1.blah.internal
>
> Now user2 has hijacked user1's location.
>
> Thanks
> JD
>
>
> _______________________________________________
> Serusers mailing list
> serusers at lists.iptel.org
> http://lists.iptel.org/mailman/listinfo/serusers
>
>
More information about the sr-users
mailing list