[OpenSER-Users] Multidomain and in-dialog REFER auth issue
Iñaki Baz Castillo
ibc at in.ilimit.es
Mon Oct 15 10:13:22 CEST 2007
El Monday 15 October 2007 09:58:36 Iñaki Baz Castillo escribió:
> How can my OpenSer know which domain this REFER goes? of course the "To"
> header is not valid at all.
>
> Could be a solution a SQL query to "location" table looking for the URI
> (sip:userB at 80.98.123.23:5060) and getting the username and domain of this?
Anyway this solution wouldn't be secure since userA at domainA.com could hack
its "From" header in the REFER and appears as "@domainB.com".
So I think I need to store dialog info in a table (in the 200-OK), with those
info:
- "From" header domain
- RURI domain
- fromtag
- totag
- "Call-ID" header
and query this table in REFER amtching fromtag, totag and Call-ID, and just
allow the REFER is "From" header and RURI domain are the same.
"Dialog" module is not valid for me since it doesn't store RURI.
Any suggestion about it? Thanks a lot.
--
Iñaki Baz Castillo
ibc at in.ilimit.es
More information about the sr-users
mailing list