NowSMS msisdn Auth

Rafael Vasquez
New member
Username: Rvasquez

Post Number: 5
Registered: 04-2004
Posted on Friday, April 23, 2004 - 03:53 pm:   

Hello,

We have a new issue, we need authentication based on X-MSISDN.
Right now I can trick the MMSC by setting in my mobile an MMS URL with another user different than mine, and the MMS will be sent like someone else is sending it.
Let's take an example:
There are 3 users on the MMSC:
845-1458 Rafael
845-1252 Juls
845-1456 yuba
In my mobile I put as homepage http://172.16.127.50:8088/juls=pass then I send a message to 845-1456 and he will receive a message from 845-1252 instead of 845-1458.
So the MMSC is using the mms-URL for authentication... Please Help !!!!, It's Urgent

Bryce Norwood - NowSMS Support
Board Administrator
Username: Bryce

Post Number: 2393
Registered: 10-2002
Posted on Saturday, April 24, 2004 - 02:21 am:   

Rafael,

Yes, if you use a valid username and password for another account, this will happen.

There is nothing in the MMS protocol that provides user identification.

The quick and easy way to implement user identification is to configure the MMS Server URL on the phone to include a username and password.

Obviously this is not a workable scenario for a mobile operator. The alternative scenario is for the MMSC to receive MSISDN information from the WAP proxy. There is a description of relevant configuration settings for configuring the MMSC to accept an "X-MSISDN" (or other) header from the WAP proxy, described in the following document:

http://www.nowsms.com/support/bulletins/tb-nowsms-002.htm

That document also provides a brief description of how to configure the Now.WAP Proxy to integrate with RADIUS so that it can receive MSISDN information, and be able to generate an "X-MSISDN" header. (MSISDN information is not provided standard as part of the WAP protocols either ... a WAP proxy must receive this information via RADIUS.)

Take a look at the document that I referenced above.

-bn
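
The header-based identification described in the reply above, as an added example that is not part of the original thread and is not NowSMS or Now.WAP code. It is a small Python model in which the proxy learns the handset's MSISDN from RADIUS accounting, replaces any client-supplied `X-MSISDN`, and the MMSC takes the sender from that header only when the request comes from the proxy. All class, function and address names are hypothetical, and the use of Framed-IP-Address and Calling-Station-Id as the carrying attributes is an assumption.

```python
# Added illustration with hypothetical names; not NowSMS or Now.WAP code.
TRUSTED_PROXY_IPS = {"10.0.0.5"}   # constructed: address of the WAP proxy
HEADER = "x-msisdn"

class WapProxy:
    """Keeps a handset-IP -> MSISDN table fed by RADIUS accounting."""
    def __init__(self):
        self.sessions = {}

    def radius_accounting(self, status, framed_ip, calling_station_id=None):
        # Assumption: the access server reports the handset address as
        # Framed-IP-Address and the MSISDN as Calling-Station-Id.
        if status == "Start":
            self.sessions[framed_ip] = calling_station_id
        elif status == "Stop":
            self.sessions.pop(framed_ip, None)

    def forward(self, client_ip, headers):
        # Drop any X-MSISDN the handset supplied, then add the value learned
        # from RADIUS. A client with no known session gets no header at all.
        out = {k: v for k, v in headers.items() if k.lower() != HEADER}
        msisdn = self.sessions.get(client_ip)
        if msisdn:
            out["X-MSISDN"] = msisdn
        return out

def mmsc_sender(peer_ip, headers):
    """Sender identity the MMSC should use, or None to reject the request."""
    if peer_ip not in TRUSTED_PROXY_IPS:
        return None   # the header proves nothing unless the proxy set it
    for name, value in headers.items():
        if name.lower() == HEADER and value.strip():
            return value.strip()
    return None

def demo():
    # Constructed case from the thread: 845-1458 claims to be 845-1252.
    proxy = WapProxy()
    proxy.radius_accounting("Start", "10.1.0.7", "8451458")
    forged = {"X-MSISDN": "8451252", "Content-Type": "application/vnd.wap.mms-message"}
    return mmsc_sender("10.0.0.5", proxy.forward("10.1.0.7", forged))

if __name__ == "__main__":
    print(demo())
```

The sender never comes from the request URL in this model, so a username placed in the MMS URL on the handset has no effect on the identity the MMSC records.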