I used base64 encoding transformations to deal with these kinds of problems.

—
Sent from mobile, apologies for brevity and errors.

> On Jan 12, 2024, at 6:11 AM, Benoît Panizzon via sr-users 
> <sr-users@lists.kamailio.org> wrote:
> 
> Hi Daniel
> 
>> comma is not allowed in an unquoted value for SIP parameters because
>> it is separator for header bodies that are set on the same header
>> name. Practically the comma is the end of parameters list.
> 
> Thank you for your confirmation I was on the right track.
> 
>> It should work with:
>> 
>> xavp_params_explode("a=foo;c=\"hello,world\";e=baar", "x");
> 
> Any recipe on how to solve if the value is the 'authentication'
> password taken from the database? As far as I understood the SIP RFC a
> comma is permitted in the SIP password itself, as it is never present
> cleartext in a sip header.
> 
> Quick example of what I do when receiving a REGISTER with credentials to pull 
> the password:
> 
> $var(query) = "select user,password,language from sometable where auth_user = '" + $var(auth_user) + "' limit 1";
> $var(qresult) = sql_xquery("database", "$var(query)", "userdata");
> xavp_params_implode("userdata","$var(xuserdata)");
> 
> $var(xuserdata) is "user=JohnDoe;password=secret,password;language=de_CH"
> 
> This is then stored in an $sht to be cached and available for a while and 
> reduce SQL queries.
> 
> I guess there is no way to have sql_xquery automatically quote result fields 
> that need quoting.
> 
> I could probably do select user,concat('"',password,'"'),language from 
> sometable?
> 
> This could also be a potential issue with variable injections via SQL. 
> Imagine some user sets a password ";var=value" this would lead to this var 
> being overwritten I guess.
> 
> We are moving towards storing ha1 hashed passwords, so that would solve my 
> issue I guess.
> 
> --
> Kind regards
> 
> -Benoît Panizzon- @ home office and reachable as usual
> --
> I m p r o W a r e   A G    -    Head of Commerce Customers
> ______________________________________________________
> 
> Zurlindenstrasse 29             Tel  +41 61 826 93 00
> CH-4133 Pratteln                Fax  +41 61 826 93 01
> Schweiz                         Web  http://www.imp.ch
> ______________________________________________________
> __________________________________________________________
> Kamailio - Users Mailing List - Non Commercial Discussions
> To unsubscribe send an email to sr-users-le...@lists.kamailio.org
> Important: keep the mailing list in the recipients, do not reply only to the 
> sender!
> Edit mailing list options or unsubscribe:
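
An added example, not part of the original thread and not Kamailio code: a simplified Python model of the `name=value;name=value` string from the thread, showing how a comma or `;` inside a password corrupts the parsed result and how encoding each value with base64 (the approach mentioned in the reply) avoids it. The helper names, the URL-safe unpadded base64 variant and the sample rows are assumptions made for illustration.

```python
import base64

# Simplified model of the "name=value;name=value" string built by
# xavp_params_implode(). This is NOT Kamailio's parser, only the same grammar
# idea: ';' separates parameters and an unquoted ',' ends the parameter list.

def implode(fields):
    """Join fields with no escaping, like the string shown in the thread."""
    return ";".join(f"{k}={v}" for k, v in fields.items())

def explode(params):
    """Split a parameter string: stop at the first comma, later names overwrite."""
    params = params.split(",", 1)[0]
    out = {}
    for item in filter(None, params.split(";")):
        name, _, value = item.partition("=")
        out[name] = value
    return out

def implode_safe(fields):
    """Encode every value as unpadded base64url, i.e. only [A-Za-z0-9_-]."""
    return implode({
        k: base64.urlsafe_b64encode(v.encode()).decode().rstrip("=")
        for k, v in fields.items()
    })

def explode_safe(params):
    """Inverse of implode_safe(): split first, then decode each value."""
    return {
        k: base64.urlsafe_b64decode(v + "=" * (-len(v) % 4)).decode()
        for k, v in explode(params).items()
    }

# Constructed sample rows: a password with a comma, and one carrying a parameter.
COMMA_ROW = {"user": "JohnDoe", "password": "secret,password", "language": "de_CH"}
INJECT_ROW = {"user": "JohnDoe", "password": "pw;user=admin", "language": "de_CH"}

if __name__ == "__main__":
    for row in (COMMA_ROW, INJECT_ROW):
        print("raw    :", explode(implode(row)))
        print("encoded:", explode_safe(implode_safe(row)))
```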