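Oracle 11g: restricting access by IP address in sqlnet.ora
Yesterday, while reading Sansi's MySQL material, I came across a section on creating a MySQL user:
CREATE USER 'username'@'192.168.2.3' IDENTIFIED BY 'password' means that only connections made as username from 192.168.2.3 are allowed in.
This reminded me that Oracle also has a login policy: parameters in sqlnet.ora can restrict access by IP address.
Reference document (MetaLink Doc ID 462933.1):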
APPLIES TO:
Oracle Net Services - Version 9.2.0.1.0 and later
Information in this document applies to any platform.
GOAL
How to control access to the database and understand valid node checking.
FIX
You can configure the sqlnet.ora file to allow and deny access to the database via the valid node checking parameters. (Earlier versions of Oracle, 8i and lower, used the protocol.ora file.)
TCP.VALIDNODE_CHECKING
Use to specify whether to screen access to the database. Value is either YES or ON.
TCP.EXCLUDED_NODES
Use to specify which clients using the TCP/IP protocol are denied access to the database. Host names and IP addresses can be used.
TCP.INVITED_NODES
Use to specify which clients using the TCP/IP protocol are allowed access to the database. Host names and IP addresses can be used.
Example sqlnet.ora file (set where database is running)
TCP.VALIDNODE_CHECKING = YES
TCP.EXCLUDED_NODES= (138.3.33.33)
TCP.INVITED_NODES=(138.4.44.44, hammer)
Note: when TCP.INVITED_NODES is set, the list must include the local machine (the database server itself).
This would cause SQL*Plus from client "138.3.33.33" to fail with an error
sqlplus scott/tiger@orcl
SQL*Plus: Release 10.2.0.1.0 - Production on Tue Oct 16 11:48:40 2007
Copyright (c) 1982, 2005, Oracle. All rights reserved.
ERROR:
ORA-12537: TNS:connection closed
Level 16 listener trace will show
nttvlser: valid node check on incoming node 138.3.33.33
nttvlser: Denied Entry: 138.3.33.33
nttcon: exit
nserror: entry
nserror: nsres: id=1, p=65, ns=12546, ns2=12560; nt[0]=516, nt[1]=0, nt[2]=0; ora[0]=0, ora[1]=0, ora[2]=
Listener log will show
16-OCT-2007 11:48:40 * 12546
TNS-12546: TNS:permission denied
TNS-12560: TNS:protocol adapter error
TNS-00516: Permission denied
But it would allow connections from machines "138.4.44.44" and "hammer" to pass. Please note that without the server's host name or IP address in the invited list, PMON will not register with the listener.
Any change to the values requires the TNS listener to be reloaded.
All host names must be resolvable or the TNS listener will not start.
The invited list takes precedence over the excluded list.
All entries must be on one line (best to add entries via Net Manager).
With SCAN, TCP.INVITED_NODES requires the SCAN VIPs and node VIPs to be added to the Grid Infrastructure SQLNET.ORA file.
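The rules and pitfalls above can be checked before the listener is reloaded. The following Python sketch is an added example, not part of the Oracle note or the original post: it parses the three parameters, models the allow/deny decision as this page states it (literal matching only, no DNS resolution), and flags the pitfalls from the notes. The server name dbhost01 is a constructed placeholder.

```python
import re
PARAM = re.compile(r"^\s*(TCP\.[A-Z_]+)\s*=\s*(.*?)\s*$", re.IGNORECASE)

# The example sqlnet.ora from this page.
SAMPLE = """\
TCP.VALIDNODE_CHECKING = YES
TCP.EXCLUDED_NODES= (138.3.33.33)
TCP.INVITED_NODES=(138.4.44.44, hammer)
"""

def parse_sqlnet(text):
    """Return (params, warnings) for the TCP.* valid node checking parameters."""
    params, warnings = {}, []
    for line in text.splitlines():
        m = PARAM.match(line)
        if line.lstrip().startswith("#") or not m:
            continue
        name, value = m.group(1).upper(), m.group(2)
        if name.endswith("_NODES"):
            if value.count("(") != value.count(")"):
                warnings.append(f"{name}: entries must all be on one line")
            value = [n.strip().lower() for n in value.strip("()").split(",") if n.strip()]
        params[name] = value
    return params, warnings

def decide(params, client):
    """Model of the rules stated on the page; literal matching, no DNS lookup."""
    if str(params.get("TCP.VALIDNODE_CHECKING", "")).upper() not in ("YES", "ON"):
        return "allow"                      # screening is off
    invited = params.get("TCP.INVITED_NODES", [])
    excluded = params.get("TCP.EXCLUDED_NODES", [])
    if invited:                             # invited list takes precedence
        return "allow" if client.lower() in invited else "deny"
    return "deny" if client.lower() in excluded else "allow"

def lint(params, server_names):
    """server_names: the database server's own host name/IPs (supplied by the caller)."""
    invited = params.get("TCP.INVITED_NODES", [])
    excluded = params.get("TCP.EXCLUDED_NODES", [])
    findings = []
    if invited and not any(s.lower() in invited for s in server_names):
        findings.append("server missing from TCP.INVITED_NODES: PMON will not register")
    for node in sorted(set(invited) & set(excluded)):
        findings.append(f"{node} is in both lists: the invited list wins")
    return findings

if __name__ == "__main__":
    cfg, warns = parse_sqlnet(SAMPLE)  # dbhost01 below is a constructed server name
    print({c: decide(cfg, c) for c in ("138.3.33.33", "hammer")}, warns + lint(cfg, ["dbhost01"]))
```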
From the "ITPUB Blog", link: http://blog.itpub.net/26764973/viewspace-1370797/. If you repost this article, please credit the source; otherwise legal liability will be pursued.