[asterisk-dev] Improper (?) use of SIP 403 to reject REGISTER for bad auth
Nathan Anderson
nathana at fsr.com
Mon Apr 8 03:33:24 CDT 2013
Hey Olle,
On Sunday, April 07, 2013 11:15 PM, Olle E. Johansson wrote:
> I think this is a very old bug that I implemented. The 403 should be
> removed.
Thanks for the reply. If not with a 403 (which I agree with you on), how should Asterisk respond to a REGISTER attempt with invalid credentials? Should it repeat the 401 status code? Although I have found people condemning the use of a 403 response in such a scenario, I haven't found a description of recommended "best industry practice" either.
Also, does a JIRA already exist for this, or should I open a new one?
Thanks,
--
Nathan Anderson
First Step Internet, LLC
nathana at fsr.com
More information about the asterisk-dev
mailing list