On Tuesday 01 September 2015 08:58:30 Daniel-Constantin Mierla wrote:
> if($rd!=$fd) {
> send_reply("403", "Call outside the domain");
> exit;
> }
What is stopping from people from setting $fd to the desired domain? Isn't $ad
a better var. for this since it isn't dependend on user supplied data (well it
is but then authenication will fail). Otherwise $fd should be used for
authentication challenge/response.
_______________________________________________
SIP Express Router (SER) and Kamailio (OpenSER) - sr-users mailing list
sr-users@lists.sip-router.org
http://lists.sip-router.org/cgi-bin/mailman/listinfo/sr-users
