[prev in list] [next in list] [prev in thread] [next in thread]
List: serweb-dev
Subject: [Serweb-dev] click2dial without authentication
From: karel () iptel ! org (Karel Kozlik)
Date: 2005-09-16 18:46:31
Message-ID: 432AF6D6.8000905 () iptel ! org
[Download RAW message or body]
Hi,
thanks for report. I will fix it.
Karel
Klaus Darilion napsal(a):
> Hi Karel!
>
> There is an security issue. The click2dial applet works without
> authentication.
>
> Calling the URI of the applet directly via:
> https://domain.xxxx/js/click_to_dial.php?target=sip:klaus.darilion@nic.at43.at&uri=sip:klaus@enum.at
>
>
> allows everybody initiating a call.
>
> regards
> klaus
>
> _______________________________________________
> Serweb-dev mailing list
> Serweb-dev@iptel.org
> http://mail.iptel.org/mailman/listinfo/serweb-dev
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic