<html>
  <head>
    <meta content="text/html; charset=windows-1252"
      http-equiv="Content-Type">
  </head>
  <body text="#000000" bgcolor="#FFFFFF">
    <div class="moz-cite-prefix"><tt>Hi,<br>
        <br>
        In a SIP request you have two identities :<br>
            - the SIP identity, in the FROM hdr - the caller<br>
            - the auth identity (username and password) from the Authorize
        header.<br>
        <br>
        In SIP specs there is nothing says that the 2 identities must be
        the same. So you can have several SIP identities using the same
        auth identity. <br>
        <br>
        The db_check_from() function check the relation between the 2
        identities - like which auth identity is allowed to be used for
        a SIP identity.<br>
        <br>
        Regards,<br>
      </tt>
      <pre class="moz-signature" cols="72">Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
<a class="moz-txt-link-freetext" href="http://www.opensips-solutions.com">http://www.opensips-solutions.com</a></pre>
      On 16.09.2014 05:50, Satish Patel wrote:<br>
    </div>
    <blockquote
cite="mid:CAPgF-foob1ed_m5_yOwapb3X5RbnLHbor9qtR+qyatZbg0pcnA@mail.gmail.com"
      type="cite">
      <div dir="ltr">
        <div>I want to disable "db_check_from" function but want to make
          sure Opensips is secure enough. <br>
          <br>
        </div>
        Reference email: <a moz-do-not-send="true"
          href="http://lists.opensips.org/pipermail/users/2012-June/022057.html">http://lists.opensips.org/pipermail/users/2012-June/022057.html</a>
        <br>
        <br>
        <pre>Bogdan-Andrei saying "If you disable the function, any SIP user will be able to use any valid 
auth credentials." 

</pre>
        <pre>I have disabled it and try to authenticate using other username account but it won't allowed me to do, could you please explain what you trying to say?

</pre>
        <div>
          <div><br>
            if (!db_check_from()) {<br>
                                          
            sl_send_reply("403","Forbidden auth ID");<br>
                                           exit;<br>
                                    }<br>
            <br>
          </div>
        </div>
      </div>
      <br>
      <fieldset class="mimeAttachmentHeader"></fieldset>
      <br>
      <pre wrap="">_______________________________________________
Users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a>
<a class="moz-txt-link-freetext" href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a>
</pre>
    </blockquote>
    <br>
  </body>
</html>