[SR-Users] loose_route security
Klaus Darilion
klaus.mailinglists at pernau.at
Mon Apr 11 12:23:57 CEST 2011
Am 11.04.2011 10:17, schrieb Alex Balashov:
> On 04/11/2011 03:25 AM, Klaus Darilion wrote:
>
>> Thus: Check for to-tag. This is how you can differ out-of-dialog
>> requests from in-dialog requests. Only if the to-tag is present, call
>> loose_route().
>
> I suppose in principle the problem here is that has_totag() only checks
> if there is *a* To-tag, not whether it is a valid To-tag associated with
> a known dialog.
Yes, that's the disadvantage of a transaction-only stateful proxy.
Takeing a look at the previous problems with dialog module, and the
recent problems, I prefer to not use dialog module even in the case
someone my abuse my proxy as reflector. ;-)
regards
Klaus
More information about the sr-users
mailing list