本机器禁止访问mysql服务器_限制指定机器IP访问oracle数据库
通過(guò)使用數(shù)據(jù)庫(kù)服務(wù)器端的sqlnet.ora文件可以實(shí)現(xiàn)禁止指定IP主機(jī)訪問(wèn)數(shù)據(jù)庫(kù)的功能,這對(duì)于提升數(shù)據(jù)庫(kù)的安全性有很大的幫助,與此同時(shí),這個(gè)技術(shù)為我們管理和約束數(shù)據(jù)庫(kù)訪問(wèn)控制提供了有效的手段。
下面是實(shí)現(xiàn)這個(gè)目的的具體步驟僅供參考:
1.默認(rèn)的服務(wù)器端sqlnet.ora文件的內(nèi)容
# sqlnet.ora Network Configuration File: D:\Server\Oracle\Product\11.2.0\dbhome_1\network\admin\sqlnet.ora
# Generated by Oracle configuration tools.
# This file is actually generated by netca. But if customers choose to
# install "Software Only", this file wont exist and without the native
# authentication, they will not be able to connect to the database on NT.
SQLNET.AUTHENTICATION_SERVICES= (NTS)
NAMES.DIRECTORY_PATH= (TNSNAMES)
2.確認(rèn)客戶端的IP地址:
C:\Documents and Settings\Administrator>ipconfig
3.在客戶端分別使用tnsping命令和sqlplus命令來(lái)驗(yàn)證數(shù)據(jù)庫(kù)的連通性:
C:\Documents and Settings\Administrator>tnsping irmdb
C:\Documents and Settings\Administrator>sqlplus /nolog
到這里說(shuō)明在客戶端兩種方式都證明的數(shù)據(jù)庫(kù)的可連通性。
4.限制客戶端IP地址9.123.112.16對(duì)當(dāng)前irmdb數(shù)據(jù)庫(kù)的訪問(wèn):
我們只需要在服務(wù)器端的sqlnet.ora文件中添加下面的內(nèi)容即可。
# sqlnet.ora Network Configuration File: D:\Server\Oracle\Product\11.2.0\dbhome_1\network\admin\sqlnet.ora
# Generated by Oracle configuration tools.
# This file is actually generated by netca. But if customers choose to
# install "Software Only", this file wont exist and without the native
# authentication, they will not be able to connect to the database on NT.
SQLNET.AUTHENTICATION_SERVICES= (NTS)
NAMES.DIRECTORY_PATH= (TNSNAMES)
tcp.validnode_checking=yes
tcp.invited_nodes=(9.123.112.34)
tcp.excluded_nodes=(9.123.112.16)
第一行的含義:開(kāi)啟IP限制功能;
第二行的含義:允許訪問(wèn)數(shù)據(jù)庫(kù)的IP地址列表,多個(gè)IP地址使用逗號(hào)分開(kāi),此例中我們寫(xiě)入數(shù)據(jù)庫(kù)服務(wù)器的IP地址;
第三行的含義:禁止訪問(wèn)數(shù)據(jù)庫(kù)的IP地址列表,多個(gè)IP地址使用逗號(hào)分開(kāi),此處我們寫(xiě)入欲限制的IP地址9.123.112.16。
5.重新啟服務(wù)器端listener后生效(這里也可以通過(guò)lsnrctl reload方式實(shí)現(xiàn)):
C:\Documents and Settings\Administrator>lsnrctl stop
1)在9i中真正起作用的是sqlnet.ora文件,我們修改sqlnet.ora其實(shí)是最好最快的方法。
在soracle\product\10.2.0\db_1\network\ADMIN\qlnet.ora中增加如下部分
tcp.validnode_checking=yes
#允許訪問(wèn)的IP
tcp.invited_nodes=(ip1,ip2……)
#禁止訪問(wèn)的IP
tcp.excluded_nodes=(ip1,ip2……)
之后重新啟動(dòng)監(jiān)聽(tīng)器即可
需要注意的地方:
1、tcp.invited_nodes與tcp.excluded_nodes都存在,以tcp.invited_nodes為主
2、一定要許可或不要禁止服務(wù)器本機(jī)的IP地址,否則通過(guò)lsnrctl將不能啟動(dòng)或停止監(jiān)聽(tīng),因?yàn)樵撨^(guò)程監(jiān)聽(tīng)程序會(huì)通過(guò)本機(jī)的IP訪問(wèn)監(jiān)聽(tīng)器,而該IP被禁止了,但是通過(guò)服務(wù)啟動(dòng)或關(guān)閉則不影響。
3、修改之后,一定要重起監(jiān)聽(tīng)才能生效,而不需要重新啟動(dòng)數(shù)據(jù)庫(kù)
4、任何平臺(tái)都可以,但是只適用于TCP/IP協(xié)議
(2)第二種方法使用觸發(fā)器實(shí)現(xiàn)
1、這個(gè)觸發(fā)器實(shí)現(xiàn)了192.168.137開(kāi)始的IP不能訪問(wèn)test用戶的功能
create or replace trigger chk_ip
after logon on test.schema
declare
ipaddr VARCHAR2(30);
begin
select sys_context('userenv', 'ip_address') into ipaddr from dual;
if ipaddr like ('192.168.137.%') then
raise_application_error('-20001', 'you can not logon by test');
end if;
end ;
/
過(guò)對(duì)oracle9i參數(shù)文件的設(shè)置,可以控制訪問(wèn)計(jì)算機(jī)的ip地址。
在172.28.65.13這臺(tái)機(jī)器上的配置文件$ORACLE_HOME/network/sqlnet.ora中增加:
#開(kāi)啟對(duì)ip地址的檢查
tcp.validnode_checking=yes
#允許訪問(wèn)的ip
tcp.invited_nodes=(172.28.65.13)
#禁止訪問(wèn)的ip
ip.excluded_nodes= (172.27.65.15)
重啟監(jiān)聽(tīng)!
$ lsnrctl reload
LSNRCTL for Solaris: Version 9.2.0.4.0 - Production on 14-DEC-2005 16:59:19
Copyright (c) 1991, 2002, Oracle Corporation.? All rights reserved.
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC0)))
The command completed successfully.
在172.28.65.15這臺(tái)機(jī)器上編輯$ORACLE_HOME/network/admin/tnsnames.ora文件:
此處可以添加新的服務(wù)(dsf):
dsf =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(Host= 172.28.65.13)(Port = 1521))
(CONNECT_DATA = (SID = ORCL))
)
在15上進(jìn)行tnsping測(cè)試:
$ tnsping dsf
TNS Ping Utility for Solaris: Version 9.2.0.4.0 - Production on 14-DEC-2005 17:04:02
Copyright (c) 1997 Oracle Corporation.? All rights reserved.
Used parameter files:
Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(Host= 172.28.65.13)(Port = 1521)) (CONNECT_DATA = (SID = ORCL)))
TNS-12537: TNS:connection closed
連接測(cè)試:
$ sqlplus wacos/oss@dsf
SQL*Plus: Release 9.2.0.4.0 - Production on Wed Dec 14 17:04:24 2005
Copyright (c) 1982, 2002, Oracle Corporation.? All rights reserved.
ERROR:
ORA-12537: TNS:connection closed
-------------------------------------------------------------------------------------------------------------------
TCP.VALIDNODE_CHECKING,這個(gè)參數(shù)必須設(shè)置,值也必須是YES,否則就是不啟用
TCP.VALIDNODE_CHECKING=YES
白名單的設(shè)置參數(shù),這個(gè)地址列表中必須包含本機(jī)的地址,不然監(jiān)聽(tīng)可能要啟動(dòng)失敗
TCP.INVITED_NODES=(10.10.2.100,10.10.2.101)
黑名單的設(shè)置參數(shù):
TCP.EXCLUDED_NODES=(10.10.1.100)
總結(jié)
以上是生活随笔為你收集整理的本机器禁止访问mysql服务器_限制指定机器IP访问oracle数据库的全部?jī)?nèi)容,希望文章能夠幫你解決所遇到的問(wèn)題。
- 上一篇: verilog语法学习目录
- 下一篇: sql 数据库前两列值乘_SQL注入原理