There is a gaping hole in security if we allow permissions to be inverted via a 302 redirect. 302 redirects cannot be challenged. Thus, identifying whether the 302 is coming from a "real" authenticated user can be tricky. Suggestions are welcome on how this can be done without sacrificing security of the entire permission scheme.

On 02/06/2012 11:30 PM, Joegen Baclor wrote:
Correct. Permission is still checked against the caller's credentials and not against the forwarding party.

On 02/06/2012 11:11 PM, Henry Dogger wrote:

Hi,

Got this working now...

But I still got the permission issue, is this unfixed?

Henry

*From:* [email protected] [mailto:[email protected]] *On Behalf Of* Henry Dogger
*Sent:* Monday 6 February 2012 15:18
*To:* Discussion list for users of sipXecs software
*Subject:* [sipx-users] tel: forwarding in IM status message not working

Hi all,

I noticed this forum entry:

http://forum.sipfoundry.org/index.php?t=tree&goto=47127&S=c9a81cb2111ade1be9888f4a074ce84e#page_top

I have tested this with 4.2.1 and this worked perfectly...

But now I am using 4.4, and I can't seem to get this working.... Is this function no longer available in IM perhaps?

Kind regards,

Henry Dogger

Telecats BV



_______________________________________________
sipx-users mailing list
[email protected]
List Archive: http://list.sipfoundry.org/archive/sipx-users/

