[OpenSIPS-Users] Is it safe to disable db_check_from?

Bogdan-Andrei Iancu bogdan at opensips.org
Fri Jun 22 00:32:54 CEST 2012

Hi Adam,

The idea behind the db_check_from() is that in SIP you have the SIP user 
and the auth SIP - and you may have any relation between them - like 
bob at sip.com may authenticate with whatever auth credentials (user + pwd) 
that are valid.

The function forces either an 1-1 mapping between SIP and auth users, 
either uses the uri table to create a custom mapping - like what SIP 
user is allowed to use what auth user.

If you disable the function, any SIP user will be able to use any valid 
auth credentials.


Bogdan-Andrei Iancu
OpenSIPS Founder and Developer

On 06/21/2012 10:46 AM, Adam Raszynski wrote:
> Hi
> In default opensips.cfg there is following line:
> if (!db_check_from()) {
>    send_reply("403", "Forbidden Auth ID");
>    exit;
> }
> Beside that I authenticate all calls by using proxy_authorize function
> The problem is that some buggy/cheap ATA's can't be configured to use 
> user in From field to be identical with authentication username and it 
> results 403 error for them.
> Unfortunately I can't tell my customers to replace their buggy ATA's
> So, is it safe to disable db_check_from when proxy_authorize is in place?
> Does it pose any security problems?
> Best Regards
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20120622/7d822bfa/attachment.htm>

More information about the Users mailing list