[SR-Users] loose_route security
Henning Westerholt
henning.westerholt at 1und1.de
Mon Apr 11 19:10:21 CEST 2011
On Monday 11 April 2011, Klaus Darilion wrote:
> Am 11.04.2011 10:17, schrieb Alex Balashov:
> > On 04/11/2011 03:25 AM, Klaus Darilion wrote:
> >> Thus: Check for to-tag. This is how you can differ out-of-dialog
> >> requests from in-dialog requests. Only if the to-tag is present, call
> >> loose_route().
> >
> > I suppose in principle the problem here is that has_totag() only checks
> > if there is *a* To-tag, not whether it is a valid To-tag associated with
> > a known dialog.
>
> Yes, that's the disadvantage of a transaction-only stateful proxy.
>
> Takeing a look at the previous problems with dialog module, and the
> recent problems, I prefer to not use dialog module even in the case
> someone my abuse my proxy as reflector. ;-)
Hi Klaus,
sure, there are issues. But we're using the dialog module since now since some
time in our production setup and it works fine for this particular feature
set.
Cheers,
Henning
More information about the sr-users
mailing list