[Serusers] DB logging issue

Paul PREVOT prevot at enseirb.fr
Mon Jul 10 15:32:17 CEST 2006

Nobody is able to answer me? Is it impossible to ensure security with ser or
openser? Do I have to modify www_authorize()?


-----Message d'origine-----
De : serusers-bounces at lists.iptel.org
[mailto:serusers-bounces at lists.iptel.org] De la part de Paul PREVOT
Envoyé : mardi 4 juillet 2006 11:06
À : serusers at iptel.org
Objet : [Serusers] DB logging issue

Hi all,

I am using the following code to log calls in DB:

modparam("acc ", "db_url", "mysql://openser:openserrw@localhost/openser")
modparam("acc", "log_level", 1)
#modparam("acc", "log_flag", 1)
modparam("acc", "db_flag", 3)

if (method=="INVITE") {
         if (!www_authorize("mydomain.org", "subscriber")) {
                 www_challenge("mydomain.org", "0");

In the following situation:

Username : sip:tutu at mydomain.org
Login : toto
Pw : toto

This client would be able to handle the challenge as he has a valid login
and pw, but openser will log tutu in DB as caller!!!!

In this situation I'd like either to log correctly in DB or to reject the
call and ask user to setup his sip client properly.

Have you already experienced this issue? Do you have any idea how to fix it?
How can I check if username is really equals to login used for


Serusers mailing list
Serusers at lists.iptel.org

More information about the sr-users mailing list