通過SQLNET.ora檔案限制Ip地址訪問

yangzhangyue發表於2013-07-25
原文網址 : http://blog.itpub.net/29033984/viewspace-767102/
SQL
我們可以通過配置sqlnet.ora檔案控制某些ip對資料庫的訪問

Access Control Settings in sqlnet.ora
Oracle Net Manager Field/Option sqlnet.ora File Parameter Description

Check TCP/IP client access rights

TCP.VALIDNODE_CHECKING

Use to specify whether to screen access to the database.

If this field is selected, Oracle Net Manager checks the parameters TCP.EXCLUDED_NODES and TCP.VALIDNODE_CHECKING to determine which clients to allow access to the database. If this field is deselected, Oracle Net Manager does not screen clients.

Clients excluded from access

TCP.EXCLUDED_NODES

Use to specify which clients using the TCP/IP protocol are denied access to the database.

Clients allowed to access


當我們需要遮蔽某些伺服器時,或者說我們只希望某些ip可以連線時,我們可以通過設定sqlnet.ora實現。

設定前
在 192.168.6.52使用tnsping測試

[16:21:27 oracle@david_dgp ~]$ tnsping mydgl

TNS Ping Utility for Linux: Version 11.2.0.3.0 - Production on 25-JUL-2013 16:21:35

Copyright (c) 1997, 2011, Oracle.  All rights reserved.

Used parameter files:


Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.6.53)(PORT = 1530)) (CONNECT_DATA = (SERVER = DEDICATED) (SID = myora)))
OK (0 msec)

在mydgl sqlnet.ora中新增如下內容:
TCP.VALIDNODE_CHECKING = YES

NAMES.DIRECTORY_PATH= (TNSNAMES)

TCP.INVITED_NODES= (192.168.6.53,192.168.6.51)

TCP.EXCLUDED_NODES= (192.168.6.52)

重啟listener。

在 6.52上重新測試
[16:22:13 oracle@david_dgp ~]$ tnsping mydgl

TNS Ping Utility for Linux: Version 11.2.0.3.0 - Production on 25-JUL-2013 16:22:48

Copyright (c) 1997, 2011, Oracle.  All rights reserved.

Used parameter files:


Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.6.53)(PORT = 1530)) (CONNECT_DATA = (SERVER = DEDICATED) (SID = myora)))
TNS-12547: TNS:lost contact
可以發現已經不能解析

在6.51上測試
[16:17:55 oracle@david_pri admin]$ tnsping mydgl

TNS Ping Utility for Linux: Version 11.2.0.3.0 - Production on 25-JUL-2013 16:24:06

Copyright (c) 1997, 2011, Oracle.  All rights reserved.

Used parameter files:
/u01/app/oracle/product/11.2.0/db/network/admin/sqlnet.ora


Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.6.53)(PORT = 1530)) (CONNECT_DATA = (SERVER = DEDICATED) (SID = myora)))
OK (0 msec)

這將使我們在需要的時候控制某些ip的連線

來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/29033984/viewspace-767102/,如需轉載,請註明出處,否則將追究法律責任。

相關文章