[asterisk-dev] Kill the user, kill the user!

Luigi Rizzo rizzo at icir.org
Fri Dec 7 12:31:52 CST 2007


On Fri, Dec 07, 2007 at 11:05:57AM -0600, Tilghman Lesher wrote:
> On Thursday 06 December 2007 16:48:43 Patrick wrote:
> > On Thu, 2007-12-06 at 14:04 -0800, Ryan Mitchell wrote:
> > > To raise an issue that's come up a few times before, instead of
> > > checking user then ip/port, why not check ip/port first then user?
> >
> > How about making it configurable per peer?
> 
> That doesn't make any sense.  The whole purpose of this code is to FIND
> the peer.  By the time you know which peer, it's too late.

i was about to make the same comment in my previous email,
however there is perhaps a partially related per-peer setting,
namely allow/disallow/assign different weights to each
match criteria on a per-peer basis.

E.g. for certain peers who have little privilege (e.g.
cannot place external calls or cannot use toll services)
you might decide to allow IP/port matching even if not
authenticated; for other peers you could allow a match only
basing on some more reliable credential. And so on.

This requires a bit of thought but it is probably doable.

cheers
luigi



More information about the asterisk-dev mailing list