[Serusers] Loose routing question
Klaus Darilion
klaus.mailinglists at pernau.at
Wed May 4 10:25:31 CEST 2005
Juha Heinanen wrote:
> i never suggested that you should try to authenticate in-dialog requests
> (which do have to-tag). what i questioned is why you would reject an
> INITIAL request, just because it includes a Route header, and you still
> haven't answered THAT question.
OK, got the point. The answer is simple: it's easier to deny things than
to think about potential risks and how to authenticate calls. I can't
think about a scenario where a user needs to send a request via my
proxy. This sounds like using the proxy as smart-relay and there is no
need for that.
Of course I could allow it loose_route out-of dialog requests and apply
proper authentication logic, but what do I lose if I simply prohibit
such requests?
regards,
klaus
More information about the sr-users
mailing list