< Previous by Date	Date Index	Next by Date >
< Previous in Thread	Thread Index	Next in Thread >

Re: [reSIProcate] RE: ServerAuthManager ?

From: "Dale R. Worley" <dworley@xxxxxxxxxxx>
Date: Wed, 22 Feb 2006 17:26:38 -0500

On Wed, 2006-02-22 at 13:58 -0500, Scott Godin wrote:
> > I've started working on async, I've also reported a new issue that I
> > will fix as part of the async patch:
> > 
> >     http://track.sipfoundry.org/browse/RSP-29
> 
> [Scott] We should be really careful about this.  We should only issue a
> 407 if we haven't already done so for this request.  If we don't do this
> check we could get into an endless loop with poorly behaved UA's. ie.
> UA's that always just send a bad realm, when challenged.

"As opposed to what?"

We could send a 400 in response to a second identical attempt that has
the same authorization problem, but there's no guarantee that the UA
wouldn't attempt to re-send after that, either.

If you mean, "Never send a 407 if it already has an authorization
header." that won't work -- a request can legitimately have several
authorization headers.  But maybe you have a way to detect whether a
request really is a re-send in response to a 407 from this proxy.

Dale

References:
- [reSIProcate] RE: ServerAuthManager ?
  - From: Scott Godin

Prev by Date: [reSIProcate] Re: ServerAuthManager ?
Next by Date: RE: [reSIProcate] RE: ServerAuthManager ?
Previous by thread: [reSIProcate] RE: ServerAuthManager ?
Next by thread: [reSIProcate] Re: ServerAuthManager ?
Index(es):
- Date
- Thread