[Serusers] DB logging issue
Paul PREVOT
prevot at enseirb.fr
Mon Jul 10 15:32:17 CEST 2006
Nobody is able to answer me? Is it impossible to ensure security with ser or
openser? Do I have to modify www_authorize()?
Regards,
Paul
-----Message d'origine-----
De : serusers-bounces at lists.iptel.org
[mailto:serusers-bounces at lists.iptel.org] De la part de Paul PREVOT
Envoyé : mardi 4 juillet 2006 11:06
À : serusers at iptel.org
Objet : [Serusers] DB logging issue
Hi all,
I am using the following code to log calls in DB:
modparam("acc ", "db_url", "mysql://openser:openserrw@localhost/openser")
modparam("acc", "log_level", 1)
#modparam("acc", "log_flag", 1)
modparam("acc", "db_flag", 3)
...
if (method=="INVITE") {
if (!www_authorize("mydomain.org", "subscriber")) {
www_challenge("mydomain.org", "0");
return;
};
setflag(3);
};
In the following situation:
Username : sip:tutu at mydomain.org
Login : toto
Pw : toto
This client would be able to handle the challenge as he has a valid login
and pw, but openser will log tutu in DB as caller!!!!
In this situation I'd like either to log correctly in DB or to reject the
call and ask user to setup his sip client properly.
Have you already experienced this issue? Do you have any idea how to fix it?
How can I check if username is really equals to login used for
authentication?
Regards,
Paul
_______________________________________________
Serusers mailing list
Serusers at lists.iptel.org
http://lists.iptel.org/mailman/listinfo/serusers
More information about the sr-users
mailing list