El Monday 15 October 2007 12:12:44 Klaus Darilion escribió: > Iñaki Baz Castillo schrieb: > > El Monday 15 October 2007 11:26:16 Klaus Darilion escribió: > >> Authentication of in-dialog requests in SIP is broken - you can not rely > >> on the From/To headers. > > > > I can rely on "From" since if I authenticate a caller and do > > "check_from()" I can be sure there is not spoof. > > > > But I need to know the dialog original URI domain in order to allow or > > not a REFER. > > > > Because of this issue I need to store dialog info with original URI. >
> What exactly do you want to achieve? Do you want to allow REFER only > intradomain? Exactly. - Imagine you admin a OpenSer that gives service to 2 independent companies (domain_A and domain_B). - Imagine a user_A of domain_A calls to a user_B of domain_B. - During the call user_A does REFER. - OpenSer requires auth por REFER, so user_A sends auth (it can since it's a local user). - So finally user_B is transferred by an external user. Of course this is not tolerable. So I need to allow a REFER just if the caller and called are in the same domain, but REFER is in-dialog so there is not domain name in the URI. That's the issue I try to solve. Thanks. -- Iñaki Baz Castillo [EMAIL PROTECTED] _______________________________________________ Users mailing list Users@openser.org http://openser.org/cgi-bin/mailman/listinfo/users