禁止特定IP访问Oracle数据库_绿色软件之家

绿色软件之家:您身边最放心的安全下载站! 最新更新|软件分类|软件专题|手机版|系统之家|纯净系统

您当前所在位置:首页数据库Oracle → 禁止特定IP访问Oracle数据库

禁止特定IP访问Oracle数据库

时间:2015/6/28来源:绿色软件之家作者:网管联盟我要评论(0)

  通过使用数据库服务器端的sqlnet.ora文件可以实现禁止指定IP主机访问数据库的功能,这对于提升数据库的安全性有很大的帮助,与此同时,这个技术为我们管理和约束数据库访问控制提供了有效的手段。下面是实现这个目的的具体步骤仅供参考:

  1.默认的服务器端sqlnet.ora文件的内容:

  这里我们以oracle 10.2.0.3版本为例进行简述,先来看一下当前sqlnet.ora文件内容:

  # This file is actually generated by netca. But if customers choose to

  # install "Software Only", this file wont exist and without the native

  # authentication, they will not be able to connect to the database on NT.

  SQLNET.AUTHENTICATION_SERVICES = (NTS)

  2.确认客户端的IP地址:

  C:\Documents and Settings\Administrator>ipconfig

  Windows IP Configuration

  Ethernet adapter Local Area Connection 2:

  Media State . . . . . . . . . . . : Media disconnected

  Ethernet adapter Local Area Connection:

  Connection-specific DNS Suffix  . :

  IP Address. . . . . . . . . . . . : 9.123.112.16

  Subnet Mask . . . . . . . . . . . : 255.255.255.0

  Default Gateway . . . . . . . . . : 9.123.112.1

  3.在客户端分别使用tnsping命令和sqlplus命令来验证数据库的连通性:

  C:\Documents and Settings\Administrator>tnsping irmdb

  TNS Ping Utility for 32-bit Windows: Version 10.2.0.3.0 - Production on 06-APR-2010 11:05:09

  Copyright (c) 1997, 2006, Oracle.  All rights reserved.

  Used parameter files:

  C:\oracle\product\10.2.0\db_1\network\admin\sqlnet.ora

  Used TNSNAMES adapter to resolve the alias

  Attempting to contact (DESCRIPTION = (ADDRESS_LIST = (ADDRESS = (PROTOCOL = TCP)

  (HOST = 9.123.112.34)(PORT = 1521))) (CONNECT_DATA = (SERVICE_NAME = irmdb)))

  OK (20 msec)

  C:\Documents and Settings\Administrator>sqlplus /nolog

  SQL*Plus: Release 10.2.0.3.0 - Production on Tue Apr 6 11:05:12 2010

  Copyright (c) 1982, 2006, Oracle.  All Rights Reserved.

  SQL> conn irmadmin/passw0rd@irmdb

  Connected.

  到这里说明在客户端两种方式都证明的数据库的可连通性。

  4.限制客户端IP地址9.123.112.16对当前irmdb数据库的访问:

  我们只需要在服务器端的sqlnet.ora文件中添加下面的内容即可。

  # This file is actually generated by netca. But if customers choose to

  # install "Software Only", this file wont exist and without the native

  # authentication, they will not be able to connect to the database on NT.

  SQLNET.AUTHENTICATION_SERVICES = (NTS)

  tcp.validnode_checking=yes

  tcp.invited_nodes=(9.123.112.34)

  tcp.excluded_nodes=(9.123.112.16)

  第一行的含义:开启IP限制功能;

  第二行的含义:允许访问数据库的IP地址列表,多个IP地址使用逗号分开,此例中我们写入数据库服务器的IP地址;

  第三行的含义:禁止访问数据库的IP地址列表,多个IP地址使用逗号分开,此处我们写入欲限制的IP地址9.123.112.16。

  5.重新启服务器端listener后生效(这里也可以通过lsnrctl reload方式实现):

  C:\Documents and Settings\Administrator>lsnrctl stop

  LSNRCTL for 32-bit Windows: Version 10.2.0.3.0 - Production on 06-APR-2010 11:07:48

  Copyright (c) 1991, 2006, Oracle.  All rights reserved.

  Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=rmesvr34.cn.ibm.com)(POR

  T=1521)))

  The command completed successfully

  C:\Documents and Settings\Administrator>lsnrctl start

  LSNRCTL for 32-bit Windows: Version 10.2.0.3.0 - Production on 06-APR-2010 11:07:52

  Copyright (c) 1991, 2006, Oracle.  All rights reserved.

  Starting tnslsnr: please wait...

  TNSLSNR for 32-bit Windows: Version 10.2.0.3.0 - Production

  System parameter file is C:\oracle\product\10.2.0\db_1\network\admin\listener.ora

  Log messages written to C:\oracle\product\10.2.0\db_1\network\log\listener.log

  Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=rmesvr34.cn.ibm.com)(POR

  T=1521)))

  Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=rmesvr34.cn.ibm.com)(POR

  T=1521)))

  STATUS of the LISTENER

  ------------------------

  Alias   LISTENER

  Version TNSLSNR for 32-bit Windows: Version 10.2.0.3.0 - Produ

  ction

  Start Date    06-APR-2010 11:07:53

  Uptime  0 days 0 hr. 0 min. 2 sec

  Trace Level   off

  Security      ON: Local OS Authentication

  SNMP    OFF

  Listener Parameter File   C:\oracle\product\10.2.0\db_1\network\admin\listener.o

  ra

  Listener Log File   C:\oracle\product\10.2.0\db_1\network\log\listener.log

  Listening Endpoints Summary...

  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=rmesvr34.cn.ibm.com)(PORT=1521)))

  Services Summary...

  Service "PLSExtProc" has 1 instance(s).

  Instance "PLSExtProc", status UNKNOWN, has 1 handler(s) for this service...

  The command completed successfully

  C:\Documents and Settings\Administrator>sqlplus /nolog

  SQL*Plus: Release 10.2.0.3.0 - Production on Tue Apr 6 11:07:57 2010

  Copyright (c) 1982, 2006, Oracle.  All Rights Reserved.

  SQL> conn / as sysdba;

  Connected.

  SQL> alter system register;

  System altered.

  SQL> quit

  Disconnected from Oracle Database 10g Enterprise Edition Release 10.2.0.3.0 - Pr

  oduction

  With the Partitioning, OLAP and Data Mining options

  C:\Documents and Settings\Administrator>lsnrctl status

  LSNRCTL for 32-bit Windows: Version 10.2.0.3.0 - Production on 06-APR-2010 11:08:05

  Copyright (c) 1991, 2006, Oracle.  All rights reserved.

  Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=rmesvr34.cn.ibm.com)(PORT=1521)))

  STATUS of the LISTENER

  ------------------------

  Alias   LISTENER

  Version TNSLSNR for 32-bit Windows: Version 10.2.0.3.0 - Produ

  ction

  Start Date    06-APR-2010 11:07:53

  Uptime  0 days 0 hr. 0 min. 12 sec

  Trace Level   off

  Security    

关键词标签:Oracle,数据库

相关阅读

文章评论
发表评论

热门文章 Oracle中使用alter table来增加,删除,修改列Oracle中使用alter table来增加,删除,修改列oracle中使用SQL语句修改字段类型-oracle修oracle中使用SQL语句修改字段类型-oracle修使用低权限Oracle数据库账户得到管理员权限使用低权限Oracle数据库账户得到管理员权限Oracle对user的访问控制Oracle对user的访问控制

相关下载

人气排行 ORACLE SQL 判断字符串是否为数字的语句Oracle中使用alter table来增加,删除,修改列的语法ORACLE和SQL语法区别归纳(1)oracle grant 授权语句如何加速Oracle大批量数据处理Oracle删除表的几种方法ORACLE修改IP地址后如何能够使用Oracle 10g创建表空间和用户并指定权限