[OpenSIPS-Users] db_check_from function
Bogdan-Andrei Iancu
bogdan at opensips.org
Tue Sep 16 09:52:05 CEST 2014
Hi,
In a SIP request you have two identities :
- the SIP identity, in the FROM hdr - the caller
- the auth identity (username and password) from the Authorize header.
In SIP specs there is nothing says that the 2 identities must be the
same. So you can have several SIP identities using the same auth identity.
The db_check_from() function check the relation between the 2 identities
- like which auth identity is allowed to be used for a SIP identity.
Regards,
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
http://www.opensips-solutions.com
On 16.09.2014 05:50, Satish Patel wrote:
> I want to disable "db_check_from" function but want to make sure
> Opensips is secure enough.
>
> Reference email:
> http://lists.opensips.org/pipermail/users/2012-June/022057.html
>
> Bogdan-Andrei saying "If you disable the function, any SIP user will be able to use any valid
> auth credentials."
>
> I have disabled it and try to authenticate using other username account but it won't allowed me to do, could you please explain what you trying to say?
>
>
> if (!db_check_from()) {
> sl_send_reply("403","Forbidden auth ID");
> exit;
> }
>
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20140916/e2970ea6/attachment.htm>
More information about the Users
mailing list