[OpenSIPS-Users] Is it safe to disable db_check_from?
Bogdan-Andrei Iancu
bogdan at opensips.org
Fri Jun 22 00:32:54 CEST 2012
Hi Adam,
The idea behind the db_check_from() is that in SIP you have the SIP user
and the auth SIP - and you may have any relation between them - like
bob at sip.com may authenticate with whatever auth credentials (user + pwd)
that are valid.
The function forces either an 1-1 mapping between SIP and auth users,
either uses the uri table to create a custom mapping - like what SIP
user is allowed to use what auth user.
If you disable the function, any SIP user will be able to use any valid
auth credentials.
Regards,
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com
On 06/21/2012 10:46 AM, Adam Raszynski wrote:
> Hi
>
> In default opensips.cfg there is following line:
>
> if (!db_check_from()) {
> send_reply("403", "Forbidden Auth ID");
> exit;
> }
>
> Beside that I authenticate all calls by using proxy_authorize function
>
> The problem is that some buggy/cheap ATA's can't be configured to use
> user in From field to be identical with authentication username and it
> results 403 error for them.
> Unfortunately I can't tell my customers to replace their buggy ATA's
>
> So, is it safe to disable db_check_from when proxy_authorize is in place?
>
> Does it pose any security problems?
>
> Best Regards
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20120622/7d822bfa/attachment.htm>
More information about the Users
mailing list