2011/2/24 Toyima Dias <toyim...@gmail.com>:
> I have an Asterisk as a GW, I don't want to ask for authentication to
> incoming calls (coming from the Asterisk), so I did the following:
>
> Previously I added the IP of the Asterisk to the table "domain" so the
> function is_from_local could check the from domain in the domain table and
> get into the if loop

This is wrong and a real security hole. The is_from_local() function just
checks the existence of the From domain of the request in the "domain"
table. Any attacker in the world can send a spoofed request with such
a domain to your opensips. Will you allow it access just because
the From domain is the same as the IP of your Asterisk?

Use the tables and functions in the permissions module, that's it.

-- 
Iñaki Baz Castillo
<i...@aliax.net>

_______________________________________________
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
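
The difference described in the reply above, modelled in Python as an added example (not part of the original message and not OpenSIPS code): a From-domain lookup trusts a header the sender writes, while an address check looks at where the packet came from. The function names, the sample INVITE and the documentation IP addresses are all constructed assumptions.

```python
import ipaddress
import re

# Constructed sample data (RFC 5737 documentation addresses, not from the thread).
DOMAIN_TABLE = {"192.0.2.10"}  # gateway IP added to "domain", as in the quoted setup
TRUSTED_SOURCES = [ipaddress.ip_network("192.0.2.10/32")]  # stand-in for an address list

# Constructed request: From claims the gateway, but it is sent from elsewhere.
SAMPLE_INVITE = (
    "INVITE sip:1000@proxy.example.test SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 203.0.113.77:5060;branch=z9hG4bKconstructed\r\n"
    'From: "gw" <sip:asterisk@192.0.2.10>;tag=abc\r\n'
    "To: <sip:1000@proxy.example.test>\r\n"
    "Call-ID: constructed-1@203.0.113.77\r\n"
    "CSeq: 1 INVITE\r\n"
    "Content-Length: 0\r\n\r\n"
)

def from_domain(message):
    """Return the host part of the From URI (full or compact 'f' header name)."""
    for line in message.split("\r\n")[1:]:
        if not line:  # blank line: end of headers
            break
        name, _, value = line.partition(":")
        if name.strip().lower() in ("from", "f"):
            m = re.search(r"sips?:(?:[^@>;\s]*@)?(\[[^\]]+\]|[^:;>\s]+)", value, re.I)
            return m.group(1).lower() if m else None
    return None

def trust_by_from_domain(message):
    """Model of the quoted setup: trusted if the From domain is in the domain table."""
    return from_domain(message) in DOMAIN_TABLE

def trust_by_source_address(src_ip):
    """Model of an address-based check: trusted only if the packet source is listed."""
    addr = ipaddress.ip_address(src_ip)
    return any(addr in net for net in TRUSTED_SOURCES)

def evaluate(message, src_ip):
    """Run both checks on one request received from src_ip."""
    return {"from_domain": trust_by_from_domain(message),
            "source_address": trust_by_source_address(src_ip)}

if __name__ == "__main__":
    print("from 203.0.113.77:", evaluate(SAMPLE_INVITE, "203.0.113.77"))
    print("from 192.0.2.10: ", evaluate(SAMPLE_INVITE, "192.0.2.10"))
```

The same request passes the From-domain check from any source address, and passes the address check only when it arrives from the listed gateway.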
