Bob wrote: > > Scott wrote: > > > If the resource list server isn't going to do the > enforcement, then > > > the protection is more apparent than real... not sure I'd > > go there... > > > > sipXecs RLS already does enforce, in that the user without the > > permission will not have a resource list to subscribe to. > > I was not aware of that. I know that the RLS challenges the > SUBSCRIBE so that only valid users can subscribe but does it > also enforce that you can only subscribe to the resource list you own?
Surely you can only subscribe to your own resource list? (And surely you can only subscribe to your own MWI?) Admittedly I do not know for certain. Dale, can you confirm? But yes I agree, if RLS does not already enforce access, then we should add it to XX-8496. -Paul [email protected] _______________________________________________ sipx-dev mailing list [email protected] List Archive: http://list.sipfoundry.org/archive/sipx-dev Unsubscribe: http://list.sipfoundry.org/mailman/listinfo/sipx-dev sipXecs IP PBX -- http://www.sipfoundry.org/
