在NET8采用TCP/IP协议时,在oracle9i服务器的sqlnet.ora中进行下列参数的设置可以限制或允许用户从特定的客户机连接到数据库中。
tcp.validnode_checking=yes|no
tcp.invited_nodes=(ipaddress|hostname)
tcp.excluded_nodes=(ipaddress|hostname)
其中tcp.validnode_checking参数确定是否对客户机IP地址进行检查;
tcp.invited_nodes参数列举允许连接的客户机的IP地址;
tcp.excluded_nodes参数列举不允许连接的客户机的IP地址。
(注意:在oracle8i中使用protocol.ora 文件,如果没有该文件,请自己建立一个.)
例如:
通过对oracle9i参数文件的设置,可以控制访问计算机的ip地址。
在数据库服务器(172.28.65.13)上的配置文件$ORACLE_HOME/network/sqlnet.ora中增加如下几行:
#开启对ip地址的检查
tcp.validnode_checking=yes
#允许访问的ip
tcp.invited_nodes=(172.28.65.13)
#禁止访问的ip
ip.excluded_nodes= (172.27.65.15)
重启监听!
$ lsnrctl reload
LSNRCTL for Solaris: Version 9.2.0.4.0 - Production on 14-DEC-2005 16:59:19
Copyright (c) 1991, 2002, Oracle Corporation. All rights reserved.
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC0)))
The command completed successfully.
在客户端机器(172.28.65.15)上编辑$ORACLE_HOME/network/admin/tnsnames.ora文件:
dsf =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(Host= 172.28.65.13)(Port = 1521))
(CONNECT_DATA = (SID = ORCL))
)
在15这台机器上进行tnsping测试:
$ tnsping dsf
TNS Ping Utility for Solaris: Version 9.2.0.4.0 - Production on 14-DEC-2005 17:04:02
Copyright (c) 1997 Oracle Corporation. All rights reserved.
Used parameter files:
Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(Host=172.28.65.13)(Port = 1521)) (CONNECT_DATA = (SID = ORCL)))
TNS-12537: TNS:connection closed
连接测试:
$ sqlplus wacos/oss@dsf
SQL*Plus: Release 9.2.0.4.0 - Production on Wed Dec 14 17:04:24 2005
Copyright (c) 1982, 2002, Oracle Corporation. All rights reserved.
ERROR:
ORA-12537: TNS:connection closed