I've set up an OpenSIPS server and am trying to get the following functionality:
1. Remotely add a row to a database (similar to the alias databas)
2. When an INVITE is received perform some functionality using alias_db module on that database
3. Remove the row found from the database.
#2 is completed and working perfectly :)
My first question is regarding #3 - How can I delete from an SQL DB (or perform any arbitrary SQL commands on any DB) ?
My second question is regarding #1 - Right now I'm accessing the alias DB using MySQL remote management interface. I was wondering if it's dangerous, what happens if I try to update the DB while OpenSIPS is reading from it? Is there a safer way to manipulate SQL DBs used by OpenSIPS while it's running?
Hi again (feels kinda stupid replying to myself).
I figured out how to manipulate SQL from within the routing script. I'm using avp_db_query - it's not pretty but it works.
I'm left with my other question - is it safe to directly manipulate an SQL db used by OpenSIPS, or is there a safer way to it?
There is nothing wrong in doing DB ops from script, just be sure (1) to be efficient and (2) to be secure - secure means here to take care of sql injection - be careful what kind of data from the SIP package are you using into your DB queries and use the escaping transformation to avoid injection.
Thanks for your reply. Is there some module to help me prevent injections, or do I need to write anti-injection functions using regexp myself?
Also, what about doing DB ops from OUTSIDE the script (meaning I connect directly to the SQL DB from a remote machine, and change values) while OpenSIPS is running. Is this safe?
You need to be sure when building the query (in script) - see http://www.opensips.org/Resources/DocsCoreTran18#toc9 . Of course, this make sense only if you are using (in your queries) data from the the SIP message, data that may contain ' or " .