Hello Klaus,
On 10/04/07 17:18, Klaus Darilion wrote:
HI Daniel!
When is this needed? When I want to have authentication depending on
the request URI?
that might be a case as well. The main reason, reported by Radu, is that
the digest auth for sip requires/recommends to check digest uri with
r-uri. In this way, you can limit the effects of a reply attack, by
forcing the same destination as the initial request. Doing it in script
cope with complex scenarios, where the r-uri is changed due to
dispatching/load balancing, so you can test to what is more appropriate,
r-uri, to uri, special header.
Daniel
klaus
Daniel-Constantin Mierla schrieb:
Revision: 2852
http://openser.svn.sourceforge.net/openser/?rev=2852&view=rev
Author: miconda
Date: 2007-10-04 06:22:45 -0700 (Thu, 04 Oct 2007)
Log Message:
-----------
- new PV: $adu - auth digest uri - the uri from auth credentials
- useful to tighten the security checks (can be now compared with
To/R-URI to see if it is intended destination used to compose the
digest response)
- reported by Radu State
Modified Paths:
--------------
trunk/pvar.c
trunk/pvar.h
This was sent by the SourceForge.net collaborative development
platform, the world's largest Open Source development site.
_______________________________________________
Devel mailing list
Devel@openser.org
http://openser.org/cgi-bin/mailman/listinfo/devel
_______________________________________________
Devel mailing list
Devel@openser.org
http://openser.org/cgi-bin/mailman/listinfo/devel
