-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I have a security matter with my configuration (default one), it's possible to register using login/password and to set anything in the contact field. So if you have an account 106/password, it's possible to be 105 in the location database!
How is it possible to deny that kind of matter..? Thanks Is it useful to use: method_filtering of the REGISTRAR module Or is it better to so something whith the values below and a compare function?? $ct - reference to body of contact header $ar - realm from Authorization or Proxy-Authorization header $au - username from Authorization or Proxy-Authorization header if ($ct != [EMAIL PROTECTED]) { sl_send_reply("403", "User and login must be the same"); }; Best Regards, Marc LEURENT # U 82.127.0.79:1045 -> 88.191.45.91:5060 REGISTER sip:sd-7501.dedibox.fr;user=phone SIP/2.0. Via: SIP/2.0/UDP 82.127.0.79:1046;branch=z9hG4bK5808036470869310420. From: <sip:[EMAIL PROTECTED]:5060;user=phone>;tag=c0a80101-38c0e7. To: <sip:[EMAIL PROTECTED]:5060;user=phone>. Call-ID: [EMAIL PROTECTED] CSeq: 90 REGISTER. Max-Forwards: 70. Expires: 3600. Contact: <sip:[EMAIL PROTECTED]:1046;user=phone>. Authorization: Digest username="106", realm="sd-7501.dedibox.fr", nonce="46dfceb402cad04812873b855bc50ea65aa99ed5", uri="sip:sd-7501.dedibox.fr", response="7dca83fd358a9aea3a963f4a71ea5c9e", algorithm=MD5, qop=auth, cnonce="38c102", nc=00000001. User-Agent: THOMSON ST2030 hw0 fw1.56 00-0E-50-4E-AF-C4. Allow-Events: refer,dialog,message-summary,check-sync,talk,hold. Content-Length: 0. . AOR:: 105 Contact:: sip:[EMAIL PROTECTED]:1046;user=phone Q= Expires:: 194 Callid:: [EMAIL PROTECTED] Cseq:: 92 User-agent:: THOMSON ST2030 hw0 fw1.56 00-0E-50-4E-AF-C4 Received:: sip:82.127.0.79:1045 State:: CS_SYNC Flags:: 0 Cflag:: 192 Socket:: udp:88.191.45.91:5060 Methods:: 4294967295 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFG39AIqjpLE0HiOBYRAiUKAJ9Ilv+Zpbzw89tqWgwmHyVjU/DXugCgjEh8 5XQKEAeiF/L4RWszGC2/yzQ= =SXE9 -----END PGP SIGNATURE----- _______________________________________________ Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users