[Freeswitch-users] patch for sofia_sip_i_invite to support replaces with action
Luis Azedo
luis.azedo at factorlusitano.com
Wed Apr 22 17:47:58 MSD 2015
>
> Couldn't this be a huge security vulnerability used to inject arbitrary
> commands into a session in FreeSWITCH?
>
>
isn't the call authenticated first ? anyway, an option can be added to
sip_profile to allow this.
> why don't you pass the call to mod_perl or Lua, and do all the
> necessary lookups in the script? This shpouldn;t be a big deal to
> implement, and much more safe than patching mod_sofia.
>
> not an option, but thanks for suggesting
>
>>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.freeswitch.org/pipermail/freeswitch-users/attachments/20150422/85dee507/attachment.html
Join us at ClueCon 2016 Aug 8-12, 2016
More information about the FreeSWITCH-users
mailing list