【oracle】sqlnet.ora 访问控制策略
2024-04-12 22:46:19
sqlnet.ora中进行下列参数的设置可以限制或允许用户从特定的客户机连接到数据库中。
tcp.validnode_checking=yes|no
tcp.invited_nodes=(ip|hostname,...)
tcp.excluded_nodes=(ip|hostname,...)
##如果是hostname 则需要在/etc/hosts 里面配置对应的ip
tcp.validnode_checking 参数确定是否对客户机IP地址进行检查;
tcp.invited_nodes 参数列举允许连接的客户机的IP地址;
tcp.excluded_nodes 参数列举不允许连接的客户机的IP地址。
需要注意的地方:
1、tcp.invited_nodes与tcp.excluded_nodes都存在,以tcp.invited_nodes为主
2、一定要许可或不要禁止服务器本机的IP地址,否则通过lsnrctl将不能启动或停止监听,因为该过程监听程序会通过本机的IP访问监听器,而该IP被禁止了,但是通过服务启动或关闭则不影响。
3、修改之后,分两种情况
如果是第一次使用sqlnet.ora 文件,则需要重启数据库。
如果之前已经使用了sqlnet.ora 则不需要重启数据库,reload 监听就可以!
4、任何平台都可以,但是只适用于TCP/IP协议
下面做实验测试访问控制:
环境:、
数据库:yangdb 主机名:rac3 ip 10.250.7.241
主机名:rac1 ip 10.250.7.225
在 yangdb 上面的sqlnet.ora 设置,在rac1服务器端进行访问!
场景一:修改文件,不启动监听
oracle@rac3:/opt/oracle/11.2.0/alifpre/network/admin>vi sqlnet.ora
tcp.validnode_checking=yes
#允许访问的ip
tcp.invited_nodes =(10.250.7.241,10.250.7.225)
#不允许访问的ip
#tcp.excluded_nodes=(ip1,ip2,…x…)
在rac1 端访问,显示TNS-12547: TNS:lost contact
oracle@rac1:/opt/rac/oracle/11.2.0/dbs/network/admin>tnsping yangdb
TNS Ping Utility for Linux: Version 11.2.0.1.0 - Production on 27-SEP-2011 21:50:35
Copyright (c) 1997, 2009, Oracle. All rights reserved.
Used parameter files:
Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = 10.250.7.241)(PORT = 1521)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = yangdb)))
TNS-12547: TNS:lost contact
oracle@rac1:/opt/rac/oracle/11.2.0/dbs/network/admin>tnsping yangdb
TNS Ping Utility for Linux: Version 11.2.0.1.0 - Production on 27-SEP-2011 21:53:58
Copyright (c) 1997, 2009, Oracle. All rights reserved.
Used parameter files:
Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = 10.250.7.241)(PORT = 1521)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = yangdb)))
TNS-12547: TNS:lost contact
oracle@rac1:/opt/rac/oracle/11.2.0/dbs/network/admin>tnsping yangdb
TNS Ping Utility for Linux: Version 11.2.0.1.0 - Production on 27-SEP-2011 21:54:49
Copyright (c) 1997, 2009, Oracle. All rights reserved.
Used parameter files:
Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = 10.250.7.241)(PORT = 1521)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = yangdb)))
TNS-12537: TNS:connection closed~
在 rac3 上进行reload 命令:
oracle@rac3:/opt/oracle/11.2.0/alifpre/network/admin>lsnrctl reload
LSNRCTL for Linux: Version 11.2.0.1.0 - Production on 27-SEP-2011 21:55:05
Copyright (c) 1991, 2009, Oracle. All rights reserved.
Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
The command completed successfully
再次访问yangdb,则可以访问
在yangdb 上创建表
YANG@yangdb-rac3> create table yang1 as select * from dba_objects ;
Table created.
oracle@rac1:/opt/rac/oracle/11.2.0/dbs/network/admin>tnsping yangdb
TNS Ping Utility for Linux: Version 11.2.0.1.0 - Production on 27-SEP-2011 21:55:10
Copyright (c) 1997, 2009, Oracle. All rights reserved.
Used parameter files:
Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = 10.250.7.241)(PORT = 1521)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = yangdb)))
OK (10 msec)
oracle@rac1:/opt/rac/oracle/11.2.0/dbs/network/admin>sqlplus yang/yang@yangdb
SQL*Plus: Release 11.2.0.1.0 Production on Tue Sep 27 21:55:17 2011
Copyright (c) 1982, 2009, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
yang@YANGDB> select count(*) from yang1
COUNT(*)
----------
72508
yang@YANGDB> exit
场景二:修改rac3 上的sqlnet.ora 文件,进行reload操作,rac1 访问rac3的yangdb受限制
oracle@rac3:/opt/oracle/11.2.0/alifpre/network/admin>vi sqlnet.ora
tcp.validnode_checking=yes
#允许访问的ip
#tcp.invited_nodes =(10.250.7.241,10.250.7.225)
tcp.invited_nodes =(10.250.7.241)
#不允许访问的ip
#tcp.excluded_nodes=(ip1,ip2,…x…)
oracle@rac1:/opt/rac/oracle/11.2.0/dbs/network/admin>tnsping yangdb
TNS Ping Utility for Linux: Version 11.2.0.1.0 - Production on 27-SEP-2011 21:57:20
Copyright (c) 1997, 2009, Oracle. All rights reserved.
Used parameter files:
Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = 10.250.7.241)(PORT = 1521)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = yangdb)))
TNS-12537: TNS:connection closed
oracle@rac1:/opt/rac/oracle/11.2.0/dbs/network/admin>tnsping yangdb
TNS Ping Utility for Linux: Version 11.2.0.1.0 - Production on 27-SEP-2011 21:58:11
Copyright (c) 1997, 2009, Oracle. All rights reserved.
Used parameter files:
Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = 10.250.7.241)(PORT = 1521)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = yangdb)))
TNS-12547: TNS:lost contact
场景三 在sqlnet.ora 中同时设置 tcp.invited_nodes,tcp.excluded_nodes 以tcp.invited_nodes 为准!
oracle@rac3:/opt/oracle/11.2.0/alifpre/network/admin>vi sqlnet.ora
tcp.validnode_checking=yes
#允许访问的ip
tcp.invited_nodes =(10.250.7.241,10.250.7.225)
#tcp.invited_nodes =(10.250.7.241)
#不允许访问的ip
tcp.excluded_nodes=(10.250.7.225) "sqlnet.ora" 7L, 186C 已写入
oracle@rac3:/opt/oracle/11.2.0/alifpre/network/admin>
oracle@rac3:/opt/oracle/11.2.0/alifpre/network/admin>lsnrctl reload
LSNRCTL for Linux: Version 11.2.0.1.0 - Production on 27-SEP-2011 21:58:19
Copyright (c) 1991, 2009, Oracle. All rights reserved.
Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
The command completed successfully
oracle@rac3:/opt/oracle/11.2.0/alifpre/network/admin> oracle@rac1:/opt/rac/oracle/11.2.0/dbs/network/admin>tnsping yangdb
TNS Ping Utility for Linux: Version 11.2.0.1.0 - Production on 27-SEP-2011 21:58:25
Copyright (c) 1997, 2009, Oracle. All rights reserved.
Used parameter files:
Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = 10.250.7.241)(PORT = 1521)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = yangdb)))
OK (0 msec)
【oracle】sqlnet.ora 访问控制策略相关推荐
- ORACLE网络连接配置与文件:listener.ora、sqlnet.ora、tnsnames.ora
[转自]http://www.chinaunix.net/jh/19/594396.html 最近看到好多人说到tns或者数据库不能登录等问题,就索性总结了下面的东东. 首先来说oracle的网络结构 ...
- oracle12c没有有sqlnet文件,Oracle的sqlnet.ora文件配置
DBA对这个文件一定不会陌生,大家了解最多的也一定是sqlnet.ora用来决定oracle怎么解析一个连接中出现的字符串,例如: sqlplus sys/oracle@orcl 那么这个orcl怎么 ...
- Oracle监听启动扫描sqlnet,监听中sqlnet.ora的作用
sqlnet.ora最常用的两个功能是: 客户端起作用==连接方式 用于指定客户端的名称解析查询的命名方法的顺序.==>> NAMES.DIRECTORY_PATH=(tnsnames, ...
- Oracle的网络三大配置文件(sqlnet.ora、tnsnames.ora、listener.ora)
Oracle的网络三大配置文件(sqlnet.ora.tnsnames.ora.listener.ora) blog文档结构图: 1 说明 为了使得外部进程能够访问Oracle 数据库则必须配置Or ...
- oracle sqlnet配置,sqlnet.ora文件配置详解
一.于sqlnet.ora的说明: *****************************************************FROM ORACLE11G DOCS********** ...
- oracle访问控制策略查看,ORACLE 安全访问策略VPD与ORA-28132
今天下午,开发同事反馈,某地市的医保oracle数据库执行存储过程报错,报错信息是ORA-28132: ERROR IS:ORA-28132: MERGE INTO 语法不支持安全策略 相关的sql语 ...
- Oracle配置文件详解listener.ora,sqlnet.ora,tnames.ora
三个配置文件 listener.ora.sqlnet.ora.tnsnames.ora,都是放在$Oracle_home\network\admin目录下. 重点:三个文件的作用和使用 sqlnet. ...
- oracle orapath,SQLNET.ORA中的NAMES.DIRECTORY_PATH设置
sqlnet.ora中的NAMES.DIRECTORY_PATH设置[@more@] sqlplus 假如我的sqlnet.ora是下面这个样子 D:oracleproduct10.2.0db_1NE ...
- 笔记系列---------sqlnet.ora维护
一.功能及作用 # NAME # sqlnet.ora # FUNCTION # Oracle Network Client startup parameter file example # NOTE ...
最新文章
- 使用EMR-Kafka Connect进行数据迁移
- 我们无法更新系统保留的分区_系统更新是我们手机的基本功能之一 安卓智能更新有哪些用途...
- HoverTree开发日志之验证码
- OC中Runtime浅析
- Windows Phone 8初学者开发—第9部分:Windows Phone 8模拟器概述
- 2013第44周日小结
- sun服务器如何查cpu信息,solaris 如何查看CPU信息
- 【元胞自动机】基于matlab元胞自动机单车道交通流(时空图)【含Matlab源码 1681期】
- pcr技术发展史——人类核酸研究的前世今生
- 手机拍照反差对焦、相位对焦和激光对焦系统解析
- 苹果这一次太强硬!如果你的 App 拒绝支持这些技术,将在2020年4月30日后全面下架!...
- 《Python数据分析基础教程:NumPy学习指南(第2版)》笔记1:第一章 NumPy快速入门
- ISO14443-3
- 今天来分享一下菜鸟是如何建站的吧
- 关于二分查找算法中中间值的获取
- MATLAB学习体会(来自小木虫)
- 张学工模式识别第四版——02 统计决策方法
- 成为高可视化地图应用专家-赋能智慧城市建设
- osi七层模型和tcp\ip协议
- SCSI、iSCSI、FC