oracle sqlnet.ora的访问控制策略是什么

发布时间:2021-11-06 16:28:29 作者:柒染
来源:亿速云 阅读:329

oracle sqlnet.ora的访问控制策略是什么,针对这个问题,这篇文章详细介绍了相对应的分析和解答,希望可以帮助更多想解决这个问题的小伙伴找到更简单易行的方法。

sqlnet.ora中进行下列参数的设置可以限制或允许用户从特定的客户机连接到数据库中。

tcp.validnode_checking=yes|no

tcp.invited_nodes=(ip|hostname,...)

tcp.excluded_nodes=(ip|hostname,...)

##如果是hostname 则需要在/etc/hosts 里面配置对应的ip

tcp.validnode_checking   参数确定是否对客户机IP地址进行检查;

tcp.invited_nodes        参数列举允许连接的客户机的IP地址;

tcp.excluded_nodes       参数列举不允许连接的客户机的IP地址。

需要注意的地方:

1、tcp.invited_nodes与tcp.excluded_nodes都存在,以tcp.invited_nodes为主

2、一定要许可或不要禁止服务器本机的IP地址,否则通过lsnrctl将不能启动或停止监听,因为该过程监听程序会通过本机的IP访问监听器,而该IP被禁止了,但是通过服务启动或关闭则不影响。

3、修改之后,分两种情况

  如果是第一次使用sqlnet.ora 文件,则需要重启数据库。

  如果之前已经使用了sqlnet.ora 则不需要重启数据库,reload 监听就可以!

4、任何平台都可以,但是只适用于TCP/IP协议

下面做实验测试访问控制:

环境:、

数据库:yangdb  主机名:rac3 ip 10.250.7.241

                主机名:rac1 ip 10.250.7.225 

在 yangdb 上面的sqlnet.ora 设置,在rac1服务器端进行访问! 

场景一:修改文件,不启动监听

oracle@rac3:/opt/oracle/11.2.0/alifpre/network/admin>vi sqlnet.ora 

tcp.validnode_checking=yes

#允许访问的ip

tcp.invited_nodes =(10.250.7.241,10.250.7.225)

#不允许访问的ip

#tcp.excluded_nodes=(ip1,ip2,…x…) 

在rac1 端访问,显示TNS-12547: TNS:lost contact

oracle@rac1:/opt/rac/oracle/11.2.0/dbs/network/admin>tnsping yangdb

TNS Ping Utility for Linux: Version 11.2.0.1.0 - Production on 27-SEP-2011 21:50:35

Copyright (c) 1997, 2009, Oracle.  All rights reserved.

Used parameter files:

Used TNSNAMES adapter to resolve the alias

Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = 10.250.7.241)(PORT = 1521)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = yangdb)))

TNS-12547: TNS:lost contact

oracle@rac1:/opt/rac/oracle/11.2.0/dbs/network/admin>tnsping yangdb

TNS Ping Utility for Linux: Version 11.2.0.1.0 - Production on 27-SEP-2011 21:53:58

Copyright (c) 1997, 2009, Oracle.  All rights reserved.

Used parameter files:

Used TNSNAMES adapter to resolve the alias

Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = 10.250.7.241)(PORT = 1521)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = yangdb)))

TNS-12547: TNS:lost contact

oracle@rac1:/opt/rac/oracle/11.2.0/dbs/network/admin>tnsping yangdb

TNS Ping Utility for Linux: Version 11.2.0.1.0 - Production on 27-SEP-2011 21:54:49

Copyright (c) 1997, 2009, Oracle.  All rights reserved.

Used parameter files:

Used TNSNAMES adapter to resolve the alias

Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = 10.250.7.241)(PORT = 1521)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = yangdb)))

TNS-12537: TNS:connection closed~           

在 rac3 上进行reload 命令:

oracle@rac3:/opt/oracle/11.2.0/alifpre/network/admin>lsnrctl reload

LSNRCTL for Linux: Version 11.2.0.1.0 - Production on 27-SEP-2011 21:55:05

Copyright (c) 1991, 2009, Oracle.  All rights reserved.

Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))

The command completed successfully

再次访问yangdb,则可以访问

在yangdb 上创建表

YANG@yangdb-rac3>  create table yang1 as select * from dba_objects ;

Table created.

oracle@rac1:/opt/rac/oracle/11.2.0/dbs/network/admin>tnsping yangdb

TNS Ping Utility for Linux: Version 11.2.0.1.0 - Production on 27-SEP-2011 21:55:10

Copyright (c) 1997, 2009, Oracle.  All rights reserved.

Used parameter files:

Used TNSNAMES adapter to resolve the alias

Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = 10.250.7.241)(PORT = 1521)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = yangdb)))

OK (10 msec)

oracle@rac1:/opt/rac/oracle/11.2.0/dbs/network/admin>sqlplus yang/yang@yangdb

SQL*Plus: Release 11.2.0.1.0 Production on Tue Sep 27 21:55:17 2011

Copyright (c) 1982, 2009, Oracle.  All rights reserved.

Connected to:

Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production

With the Partitioning, OLAP, Data Mining and Real Application Testing options

yang@YANGDB> select count(*) from yang1

  COUNT(*)

----------

     72508

yang@YANGDB> exit

场景二:修改rac3 上的sqlnet.ora 文件,进行reload操作,rac1 访问rac3的yangdb受限制

oracle@rac3:/opt/oracle/11.2.0/alifpre/network/admin>vi sqlnet.ora 

tcp.validnode_checking=yes

#允许访问的ip

#tcp.invited_nodes =(10.250.7.241,10.250.7.225)

tcp.invited_nodes =(10.250.7.241)

#不允许访问的ip

#tcp.excluded_nodes=(ip1,ip2,…x…)                     

                                                                                                                                        

oracle@rac1:/opt/rac/oracle/11.2.0/dbs/network/admin>tnsping yangdb

TNS Ping Utility for Linux: Version 11.2.0.1.0 - Production on 27-SEP-2011 21:57:20

Copyright (c) 1997, 2009, Oracle.  All rights reserved.

Used parameter files:

Used TNSNAMES adapter to resolve the alias

Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = 10.250.7.241)(PORT = 1521)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = yangdb)))

TNS-12537: TNS:connection closed

oracle@rac1:/opt/rac/oracle/11.2.0/dbs/network/admin>tnsping yangdb

TNS Ping Utility for Linux: Version 11.2.0.1.0 - Production on 27-SEP-2011 21:58:11

Copyright (c) 1997, 2009, Oracle.  All rights reserved.

Used parameter files:

Used TNSNAMES adapter to resolve the alias

Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = 10.250.7.241)(PORT = 1521)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = yangdb)))

TNS-12547: TNS:lost contact

场景三 在sqlnet.ora 中同时设置 tcp.invited_nodes,tcp.excluded_nodes 以tcp.invited_nodes 为准!

oracle@rac3:/opt/oracle/11.2.0/alifpre/network/admin>vi sqlnet.ora 

tcp.validnode_checking=yes

#允许访问的ip

tcp.invited_nodes =(10.250.7.241,10.250.7.225)

#tcp.invited_nodes =(10.250.7.241)

#不允许访问的ip

tcp.excluded_nodes=(10.250.7.225)                                         "sqlnet.ora" 7L, 186C 已写入

oracle@rac3:/opt/oracle/11.2.0/alifpre/network/admin>

oracle@rac3:/opt/oracle/11.2.0/alifpre/network/admin>lsnrctl reload

LSNRCTL for Linux: Version 11.2.0.1.0 - Production on 27-SEP-2011 21:58:19

Copyright (c) 1991, 2009, Oracle.  All rights reserved.

Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))

The command completed successfully

oracle@rac3:/opt/oracle/11.2.0/alifpre/network/admin>                     oracle@rac1:/opt/rac/oracle/11.2.0/dbs/network/admin>tnsping yangdb

TNS Ping Utility for Linux: Version 11.2.0.1.0 - Production on 27-SEP-2011 21:58:25

Copyright (c) 1997, 2009, Oracle.  All rights reserved.

Used parameter files:

Used TNSNAMES adapter to resolve the alias

Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = 10.250.7.241)(PORT = 1521)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = yangdb)))

OK (0 msec)

关于oracle sqlnet.ora的访问控制策略是什么问题的解答就分享到这里了,希望以上内容可以对大家有一定的帮助,如果你还有很多疑惑没有解开,可以关注亿速云行业资讯频道了解更多相关知识。

推荐阅读:
  1. oracle11g网络配置
  2. 限制指定机器IP访问oracle数据库

免责声明:本站发布的内容(图片、视频和文字)以原创、转载和分享为主,文章观点不代表本网站立场,如果涉及侵权请联系站长邮箱:is@yisu.com进行举报,并提供相关证据,一经查实,将立刻删除涉嫌侵权内容。

oracle sqlnet.ora

上一篇:redhat7中swappiness配置问题分析

下一篇:不好的JS代码风格有哪些

相关阅读

您好,登录后才能下订单哦!

密码登录
登录注册
其他方式登录
点击 登录注册 即表示同意《亿速云用户服务条款》