[SR-Users] Authentication on loose_route();
Alex Balashov
abalashov at evaristesys.com
Fri Mar 23 23:34:05 CET 2012
Clearly, you can only authenticate sequential requests corresponding to calls whose initial requests were subject to authentication. If the initial request was not authenticated, there is no reason to believe that the endpoint would support authentication of sequential requests.
As to whether you should do this, that is a controversial matter. I suppose that the security-maximising approach would be to challenge all requests, but it invites problems with many endpoints.
--
Alex Balashov - Principal
Evariste Systems LLC
235 E Ponce de Leon Ave
Suite 106
Atlanta, GA 30030
Tel: +1-678-954-0671
Web: http://www.evaristesys.com/, http://www.alexbalashov.com
David <kamailio.org at spam.lublink.net> wrote:
>
>
>Hello,
>
>Should I be requiring users to authenticate before letting
>them into loose_route(); ? What about anonymous calls from E164, how do
>I authenticate these calls after they have started?
>
>Thanks,
>
>David
>
>
>
>_______________________________________________
>SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
>sr-users at lists.sip-router.org
>http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.sip-router.org/pipermail/sr-users/attachments/20120323/0878f3e8/attachment.htm>
More information about the sr-users
mailing list