oracle 登陸限制ip
生產庫中常用的就2種 一個是sqlnet.ora,一個是用trigger,由於最近用到過特此記錄(實際使用中常用就是server端sqlnet.ora直接限制).
#10g client connet 11g database
[oracle@ora10g admin]$ sqlplus system/a123@test
SQL*Plus: Release 10.2.0.4.0 - Production on Fri Apr 23 21:10:22 2010
Copyright (c) 1982, 2007, Oracle. All Rights Reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.1.0.6.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL>
1.sqlnet.ora方式
[oracle@vm11g admin]$ vi sqlnet.ora
tcp.validnode_checking=yes
tcp.invited_nodes =(192.168.1.99)
tcp.excluded_nodes=(192.168.1.66)
~
~
TCP.EXCLUDED_NODES
設定禁止訪問資料庫的IP地址列表。
TCP.INVITED_NODES
設定允許訪問資料庫的IP地址列表,當這個引數和TCP.EXCLUDED_NODES設定的地址相同的時候將覆蓋TCP.EXCLUDED_NODES設定。
TCP.VALIDNODE_CHECKING
檢測上述引數的設定。
~[oracle@vm11g admin]$ lsnrctl start 重起lsnr
LSNRCTL for Linux: Version 11.1.0.6.0 - Production on 12-APR-2010 09:19:45
Copyright (c) 1991, 2007, Oracle. All rights reserved.
Starting /home/oracle/product/11g/database/bin/tnslsnr: please wait...
TNSLSNR for Linux: Version 11.1.0.6.0 - Production
System parameter file is /home/oracle/product/11g/database/network/admin/listener.ora
Log messages written to /home/oracle/diag/tnslsnr/vm11g/listener/alert/log.xml
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=vm11g)(PORT=1521)))
Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
STATUS of the LISTENER
------------------------
Alias LISTENER
Version TNSLSNR for Linux: Version 11.1.0.6.0 - Production
Start Date 12-APR-2010 09:19:45
Uptime 0 days 0 hr. 0 min. 0 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Parameter File /home/oracle/product/11g/database/network/admin/listener.ora
Listener Log File /home/oracle/diag/tnslsnr/vm11g/listener/alert/log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=vm11g)(PORT=1521)))
The listener supports no services
The command completed successfully
SQL> alter system register;
System altered.
SQL> exit
Disconnected from Oracle Database 11g Enterprise Edition Release 11.1.0.6.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
[oracle@vm11g admin]$ lsnrctl status
LSNRCTL for Linux: Version 11.1.0.6.0 - Production on 12-APR-2010 09:35:53
Copyright (c) 1991, 2007, Oracle. All rights reserved.
Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
STATUS of the LISTENER
------------------------
Alias LISTENER
Version TNSLSNR for Linux: Version 11.1.0.6.0 - Production
Start Date 12-APR-2010 09:35:44
Uptime 0 days 0 hr. 0 min. 15 sec
Trace Level off
Security ON: Local OS Authentication
SNMP OFF
Listener Parameter File /home/oracle/product/11g/database/network/admin/listener.ora
Listener Log File /home/oracle/diag/tnslsnr/vm11g/listener/alert/log.xml
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=vm11g)(PORT=1521)))
Services Summary...
Service "xh" has 1 instance(s).
Instance "xh", status READY, has 1 handler(s) for this service...
Service "xhXDB" has 1 instance(s).
Instance "xh", status READY, has 1 handler(s) for this service...
Service "xh_XPT" has 1 instance(s).
Instance "xh", status READY, has 1 handler(s) for this service...
The command completed successfully
#已經連線不上了
[oracle@ora10g admin]$ sqlplus system/a123@test
SQL*Plus: Release 10.2.0.4.0 - Production on Fri Apr 23 21:23:14 2010
Copyright (c) 1982, 2007, Oracle. All Rights Reserved.
ERROR:
ORA-12537: TNS:connection closed
[oracle@vm11g admin]$ rm -rf sqlnet.ora
2.trigger方式 思路很簡單 就是登陸時候 sys_context獲取下使用者資訊中的ip_address(還可以獲取很多比如sessionid之類),然後丟擲一個異常
create or replace trigger test_ip
after logon on xh.schema
declare
ip VARCHAR2(50);
begin
select sys_context('userenv', 'ip_address') into ip from dual;
if ip='192.168.1.66' then
raise_application_error('-20002', 'this is test you can not loggon');
end if;
end test_ip;
SQL> set linesize 1000
SQL> select owner,status,trigger_type,triggering_event from dba_triggers where trigger_name='TEST_IP';
OWNER STATUS TRIGGER_TYPE TRIGGERING_EVENT
------------------------------ -------- ---------------- -----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
SYS ENABLED AFTER EVENT LOGON
SQL>
[oracle@ora10g admin]$
[oracle@ora10g admin]$ sqlplus xh/a123@test
SQL*Plus: Release 10.2.0.4.0 - Production on Fri Apr 23 21:44:04 2010
Copyright (c) 1982, 2007, Oracle. All Rights Reserved.
ERROR:
ORA-00604: error occurred at recursive SQL level 1
ORA-20002: this is test you can not loggon
ORA-06512: at line 6
Enter user-name:
SYS_CONTEXT('USERENV','TERMINAL') terminal,
SYS_CONTEXT('USERENV','LANGUAGE') language,
SYS_CONTEXT('USERENV','SESSIONID') sessionid,
SYS_CONTEXT('USERENV','INSTANCE') instance,
SYS_CONTEXT('USERENV','ENTRYID') entryid,
SYS_CONTEXT('USERENV','ISDBA') isdba,
SYS_CONTEXT('USERENV','NLS_TERRITORY') nls_territory,
SYS_CONTEXT('USERENV','NLS_CURRENCY') nls_currency,
SYS_CONTEXT('USERENV','NLS_CALENDAR') nls_calendar,
SYS_CONTEXT('USERENV','NLS_DATE_FORMAT') nls_date_format,
SYS_CONTEXT('USERENV','NLS_DATE_LANGUAGE') nls_date_language,
SYS_CONTEXT('USERENV','NLS_SORT') nls_sort,
SYS_CONTEXT('USERENV','CURRENT_USER') current_user,
SYS_CONTEXT('USERENV','CURRENT_USERID') current_userid,
SYS_CONTEXT('USERENV','SESSION_USER') session_user,
SYS_CONTEXT('USERENV','SESSION_USERID') session_userid,
SYS_CONTEXT('USERENV','PROXY_USER') proxy_user,
SYS_CONTEXT('USERENV','PROXY_USERID') proxy_userid,
SYS_CONTEXT('USERENV','DB_DOMAIN') db_domain,
SYS_CONTEXT('USERENV','DB_NAME') db_name,
SYS_CONTEXT('USERENV','HOST') host,
SYS_CONTEXT('USERENV','OS_USER') os_user,
SYS_CONTEXT('USERENV','EXTERNAL_NAME') external_name,
SYS_CONTEXT('USERENV','IP_ADDRESS') ip_address,
SYS_CONTEXT('USERENV','NETWORK_PROTOCOL') network_protocol,
SYS_CONTEXT('USERENV','BG_JOB_ID') bg_job_id,
SYS_CONTEXT('USERENV','FG_JOB_ID') fg_job_id,
SYS_CONTEXT('USERENV','AUTHENTICATION_TYPE') authentication_type,
SYS_CONTEXT('USERENV','AUTHENTICATION_DATA') authentication_data
來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/12020513/viewspace-660840/,如需轉載,請註明出處,否則將追究法律責任。
相關文章
- Oracle9i 中如何限制登陸IPOracle
- oracle登陸限制指令碼Oracle指令碼
- ORACLE限制IP登入Oracle
- ORACLE 10G使用SQLNET.ORA限制IP登陸Oracle 10gSQL
- oracle使用者登陸失敗次數限制修改Oracle
- oracle 登陸Oracle
- TRIGGER語法和建立一個限制IP登陸的triiger
- oracle實驗記錄 (oracle的兩種受限制登陸訪問)Oracle
- django限制使用者重複登陸Django
- 限制資料庫登陸trigger資料庫
- ORACLE登陸包描述Oracle
- 透過TRIGGER限制IP登入
- Oracle登陸觸發器Oracle觸發器
- oracle登陸認證方式Oracle
- ORACLE登陸方式的研究Oracle
- 解決Mysql中只能通過localhost登陸不能通過ip登陸的問題MySqllocalhost
- Redis限制在規定時間範圍內登陸錯誤次數限制Redis
- oracle登陸設定指令碼Oracle指令碼
- 關於ORACLE登陸認證Oracle
- 限制 ssh 從某些 IP 登入( authorized_keys )Zed
- Oracle資料庫限制訪問IPOracle資料庫
- SSH安全登陸原理:密碼登陸與公鑰登陸密碼
- 在windows上以sysdba登陸oracleWindowsOracle
- oracle登陸之轉義特殊字元Oracle字元
- oracle兩種登陸認證方式Oracle
- ssh設定使用者從指定的IP登陸
- 如何限制ip訪問Oracle資料庫Oracle資料庫
- 常常登陸的幾個oracle站點Oracle
- MySQL命令列登陸,遠端登陸MySQLMySql命令列
- sqlnet.ora 驗證oracle 登陸方式SQLOracle
- normal、sysdba、sysoper登陸oracle的區別理解ORMOracle
- 自己整理的oracle登陸的認證方式。Oracle
- Oracle配置sqlnet.ora限制ip訪問[Oracle基礎]OracleSQL
- 做一個php登陸頁面,用pc登陸和用手機登陸彈出來的登陸頁面不一樣。PHP
- 設定oracle資料庫IP訪問限制(IP白名單黑名單)Oracle資料庫
- RHEL 6.5 登陸後放回登陸介面,迴圈登入問題
- Linux配置SSH免密登陸(公私鑰登陸)Linux
- 限制訪問Oracle客戶端IP方法總結Oracle客戶端