Hi Gregory,
For the grammar of the SIP username, see the
https://www.ietf.org/rfc/rfc3261.html, page 221 - you have all the
details there.
For the contact test, yes, it should be correct.
Regards,
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
https://www.opensips-solutions.com
Thank you Bogdan!
It's worth noting that, if using {s.escape.user}, it won't detect a SQL
injection, however, it may detect other potentially problematic
characters, so one then has to apply both checks individually, e.g.
if ( $fU != $(fU{s.escape.common}) || $tU != $(tU{s.escape.common}) )
Hi Gregory,
As it is said, there is no single way to skin the cat :). Your approach
is a valid one, by using the escaping transformation. Maybe you should
check the s.escape.user [1].
Such checks make sense when using avp_db_query(), so raw queries. The
internal queries (like auth, etc) are
Hi all
I'm wondering what the best practice is in terms of detection and
dropping attempted SQL injection attacks?
Is something like the following adequate or can this be enhanced:
if ( $fU != $(fU{s.escape.common}) || $tU != $(tU{s.escape.common}) ) {
drop();
}
Obviously this does