[OpenSER-Users] Multidomain and in-dialog REFER auth issue
Iñaki Baz Castillo
ibc at in.ilimit.es
Mon Oct 15 10:13:22 CEST 2007

On Monday 15 October 2007 09:58:36 Iñaki Baz Castillo wrote:
> How can my OpenSer know which domain this REFER goes to? Of course the "To"
> header is not valid at all.
>
> Could a solution be a SQL query to the "location" table looking for the URI
> (sip:userB at 80.98.123.23:5060) and getting its username and domain?

Anyway, this solution wouldn't be secure, since userA at domainA.com could hack
its "From" header in the REFER and appear as "@domainB.com".

So I think I need to store dialog info in a table (in the 200-OK), with this
info:
- "From" header domain
- RURI domain
- fromtag
- totag
- "Call-ID" header

and query this table on REFER, matching fromtag, totag and Call-ID, and just
allow the REFER if the "From" header and RURI domain are the same.

The "Dialog" module is not valid for me since it doesn't store the RURI.

Any suggestions about it? Thanks a lot.

-- 
Iñaki Baz Castillo
ibc at in.ilimit.es
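
The dialog-table check proposed in this message, sketched as an added example that is not part of the original post and is not OpenSER code. Assumptions: the table name `dialog_domains`, the function names, and SQLite standing in for the proxy's database are all hypothetical; the "same domain" test is read as a comparison of the two domains stored at the 200 OK; and, going beyond the message, a REFER sent by the callee (tags swapped) is matched too.

```python
import sqlite3

# Hypothetical schema: one row per confirmed dialog, keyed by the three
# dialog identifiers listed in the message.
SCHEMA = """
CREATE TABLE dialog_domains (
    call_id     TEXT NOT NULL,
    from_tag    TEXT NOT NULL,
    to_tag      TEXT NOT NULL,
    from_domain TEXT NOT NULL,
    ruri_domain TEXT NOT NULL,
    PRIMARY KEY (call_id, from_tag, to_tag)
)
"""

def open_store():
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    return db

def record_dialog(db, call_id, from_tag, to_tag, from_domain, ruri_domain):
    """Store the INVITE's From domain and RURI domain when its 200 OK passes."""
    db.execute(
        "INSERT OR REPLACE INTO dialog_domains VALUES (?, ?, ?, ?, ?)",
        (call_id, from_tag, to_tag, from_domain.lower(), ruri_domain.lower()),
    )

def refer_allowed(db, call_id, from_tag, to_tag):
    """Authorize an in-dialog REFER from the stored row only.

    The REFER's own From domain is deliberately not an input: the sender
    controls that header, so it cannot be trusted for this decision.
    """
    row = db.execute(
        "SELECT from_domain, ruri_domain FROM dialog_domains "
        "WHERE call_id = ? AND ((from_tag = ? AND to_tag = ?) "
        "OR (from_tag = ? AND to_tag = ?))",  # second form: callee-sent REFER
        (call_id, from_tag, to_tag, to_tag, from_tag),
    ).fetchone()
    if row is None:
        return False          # no such dialog: reject
    return row[0] == row[1]   # allow only when both stored domains match

if __name__ == "__main__":
    db = open_store()
    # Constructed sample dialogs, not taken from the thread.
    record_dialog(db, "c1@example", "ftag1", "ttag1", "domainA.com", "domainA.com")
    record_dialog(db, "c2@example", "ftag2", "ttag2", "domainA.com", "domainB.com")
    print(refer_allowed(db, "c1@example", "ftag1", "ttag1"))
    print(refer_allowed(db, "c2@example", "ftag2", "ttag2"))
```
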