diff --git a/src/apps/common/ns_turn_utils.c b/src/apps/common/ns_turn_utils.c
index 7ca70f8..c51bc6b 100644
--- a/src/apps/common/ns_turn_utils.c
+++ b/src/apps/common/ns_turn_utils.c
@@ -867,7 +867,7 @@ char *turn_strdup_func(const char* s, const char* function, int line) {
 
 ////////////////////////////////
 
-int is_secure_string(const u08bits *string)
+int is_secure_string(const u08bits *string, int sanitizesql)
 {
 int ret = 0;
 if(string) {
@@ -880,7 +880,7 @@ int is_secure_string(const u08bits *string)
 s = s0;
 if(strstr((char*)s," ")||strstr((char*)s,"\t")||strstr((char*)s,"'")||strstr((char*)s,"\"")||strstr((char*)s,"\n")||strstr((char*)s,"\r")||strstr((char*)s,"\\")) {
 ;
- } else if(strstr((char*)s,"union")&&strstr((char*)s,"select")) {
+ } else if(sanitizesql && strstr((char*)s,"union")&&strstr((char*)s,"select")) {
 ;
 } else {
 ret = 1;
diff --git a/src/apps/common/ns_turn_utils.h b/src/apps/common/ns_turn_utils.h
index d3890d3..da3b777 100644
--- a/src/apps/common/ns_turn_utils.h
+++ b/src/apps/common/ns_turn_utils.h
@@ -78,7 +78,7 @@ void rollover_logfile(void);
 
 ///////////////////////////////////////////////////////
 
-int is_secure_string(const u08bits *string);
+int is_secure_string(const u08bits *string, int sanitizesql);
 
 ///////////////////////////////////////////////////////
 
diff --git a/src/apps/relay/mainrelay.c b/src/apps/relay/mainrelay.c
index 55ec9d8..8207cc2 100644
--- a/src/apps/relay/mainrelay.c
+++ b/src/apps/relay/mainrelay.c
@@ -1823,7 +1823,7 @@ static int adminmain(int argc, char **argv)
 #endif
 case 'u':
 STRCPY(user,optarg);
- if(!is_secure_string((u08bits*)user)) {
+ if(!is_secure_string((u08bits*)user,1)) {
 TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "Wrong user name structure or symbols, choose another name: %s\n",user);
 exit(-1);
 }
diff --git a/src/apps/relay/turn_admin_server.c b/src/apps/relay/turn_admin_server.c
index 00cfb08..8c42aa2 100644
--- a/src/apps/relay/turn_admin_server.c
+++ b/src/apps/relay/turn_admin_server.c
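Review bot: The new `sanitizesql` parameter on the `is_secure_string` signature is an undocumented int used as a boolean, and every caller in this commit passes a bare `1` or `0`, which tells a reader nothing about what is being switched off. State the contract next to the prototype in the ns_turn_utils.h hunk, e.g. `/* Returns 1 if 'string' contains none of: space, tab, quotes, CR, LF, backslash. When sanitizesql is non-zero a string containing both "union" and "select" is also rejected. */`, and consider a named constant or a small enum for the two modes instead of the literals. is_secure_string's body continues past the end of this hunk.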
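Review bot: The branch now gated by `sanitizesql` is a case-sensitive `strstr` match for the two literals `union` and `select`, so it is a keyword denylist rather than a sanitizer and must not be the control the DB drivers rely on; the robust defence is that every driver binds usernames and realms as query parameters rather than splicing them into SQL text, which this hunk cannot show. Keeping the check as defence in depth is fine, but document it as such, e.g. `/* heuristic only: DB drivers must still use parameterised queries */`, so a later reader does not treat a `1` at a call site as proof of safety. The enclosing function starts and ends outside this hunk.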
@@ -3295,7 +3295,7 @@ static void handle_logon_request(ioa_socket_handle s, struct http_request* hr)
 s->special_session_size = sizeof(struct admin_session);
 }
 
- if(!(as->as_ok) && uname && is_secure_string((const u08bits*)uname) && pwd && is_secure_string((const u08bits*)pwd)) {
+ if(!(as->as_ok) && uname && is_secure_string((const u08bits*)uname,1)) {
 const turn_dbdriver_t * dbd = get_dbdriver();
 if (dbd && dbd->get_admin_user) {
 password_t password;
diff --git a/src/server/ns_turn_server.c b/src/server/ns_turn_server.c
index 06bde85..5790b7f 100644
--- a/src/server/ns_turn_server.c
+++ b/src/server/ns_turn_server.c
@@ -1029,7 +1029,7 @@ static int handle_turn_allocate(turn_turnserver *server,
 }
 ns_bcopy(value,username,ulen);
 username[ulen]=0;
- if(!is_secure_string(username)) {
+ if(!is_secure_string(username,1)) {
 TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "%s: wrong username: %s\n", __FUNCTION__, (char*)username);
 username[0]=0;
 *err_code = 400;
@@ -3346,7 +3346,7 @@ static int check_stun_auth(turn_turnserver *server,
 ns_bcopy(stun_attr_get_value(sar),realm,alen);
 realm[alen]=0;
 
- if(!is_secure_string(realm)) {
+ if(!is_secure_string(realm,0)) {
 TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "%s: wrong realm: %s\n", __FUNCTION__, (char*)realm);
 realm[0]=0;
 *err_code = 400;
@@ -3388,7 +3388,7 @@ static int check_stun_auth(turn_turnserver *server,
 ns_bcopy(stun_attr_get_value(sar),usname,alen);
 usname[alen]=0;
 
- if(!is_secure_string(usname)) {
+ if(!is_secure_string(usname,1)) {
 TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "%s: wrong username: %s\n", __FUNCTION__, (char*)usname);
 usname[0]=0;
 *err_code = 400;
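Review bot: The rewritten condition drops the `pwd && is_secure_string((const u08bits*)pwd)` clause, so `pwd` is no longer checked for NULL or for its character set before the admin lookup block runs; whether that is safe depends on how `pwd` is consumed further down in handle_logon_request, which lies outside this hunk. If it is only compared against the stored password that is fine, and arguably more correct since passwords legitimately contain spaces and quotes, but if any driver path still builds query text from it the removed clause was the only filter. Add either a NULL check or a comment stating why none is needed, e.g. `/* pwd is only compared against the stored hash, never stored or queried */`, and record the intent in the commit description.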
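Review bot: The error path directly after the changed line logs the rejected `username` verbatim with `%s`, and a string that fails is_secure_string may by construction contain CR, LF, tab or quote bytes copied straight from the STUN attribute, so a remote peer can split or forge log lines through this message. The same pattern follows the changed lines in both check_stun_auth hunks below (`realm` and `usname`). Log the length rather than the content, e.g. `TURN_LOG_FUNC(TURN_LOG_LEVEL_ERROR, "%s: wrong username, %d bytes\n", __FUNCTION__, (int)ulen);`, or pass the value through an escaping helper before it reaches the log. handle_turn_allocate continues outside this hunk.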
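Review bot: `realm` is now validated with `sanitizesql` set to 0 while `username`, `usname` and the admin `user` keep 1, so the union/select heuristic no longer applies to realms. If realm values are also handed to the DB drivers for user lookup, which this hunk does not show, that asymmetry deserves an explanation at the call site, e.g. `/* realms may legitimately contain these substrings; drivers must bind realm as a parameter */`, otherwise the next reader will assume the 0 is a typo. check_stun_auth starts and ends outside this hunk.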