oracle sqlnet.ora的訪問控制策略是什么��,針對這個問題��,這篇文章詳細介紹了相對應的分析和解答����,希望可以幫助更多想解決這個問題的小伙伴找到更簡單易行的方法���。
創(chuàng)新互聯(lián)專注于中大型企業(yè)的成都網(wǎng)站設計�、做網(wǎng)站和網(wǎng)站改版�����、網(wǎng)站營銷服務����,追求商業(yè)策劃與數(shù)據(jù)分析、創(chuàng)意藝術與技術開發(fā)的融合��,累計客戶數(shù)千家����,服務滿意度達97%。幫助廣大客戶順利對接上互聯(lián)網(wǎng)浪潮�,準確優(yōu)選出符合自己需要的互聯(lián)網(wǎng)運用,我們將一直專注品牌網(wǎng)站設計和互聯(lián)網(wǎng)程序開發(fā)��,在前進的路上,與客戶一起成長����!
sqlnet.ora中進行下列參數(shù)的設置可以限制或允許用戶從特定的客戶機連接到數(shù)據(jù)庫中。
tcp.validnode_checking=yes|no
tcp.invited_nodes=(ip|hostname,...)
tcp.excluded_nodes=(ip|hostname,...)
##如果是hostname 則需要在/etc/hosts 里面配置對應的ip
tcp.validnode_checking 參數(shù)確定是否對客戶機IP地址進行檢查�����;
tcp.invited_nodes 參數(shù)列舉允許連接的客戶機的IP地址��;
tcp.excluded_nodes 參數(shù)列舉不允許連接的客戶機的IP地址���。
需要注意的地方:
1���、tcp.invited_nodes與tcp.excluded_nodes都存在,以tcp.invited_nodes為主
2�����、一定要許可或不要禁止服務器本機的IP地址��,否則通過lsnrctl將不能啟動或停止監(jiān)聽����,因為該過程監(jiān)聽程序會通過本機的IP訪問監(jiān)聽器,而該IP被禁止了���,但是通過服務啟動或關閉則不影響����。
3�����、修改之后�,分兩種情況
如果是第一次使用sqlnet.ora 文件,則需要重啟數(shù)據(jù)庫�。
如果之前已經(jīng)使用了sqlnet.ora 則不需要重啟數(shù)據(jù)庫,reload 監(jiān)聽就可以���!
4���、任何平臺都可以,但是只適用于TCP/IP協(xié)議
下面做實驗測試訪問控制:
環(huán)境:����、
數(shù)據(jù)庫:yangdb 主機名:rac3 ip 10.250.7.241
主機名:rac1 ip 10.250.7.225
在 yangdb 上面的sqlnet.ora 設置,在rac1服務器端進行訪問��!
場景一:修改文件,不啟動監(jiān)聽
oracle@rac3:/opt/oracle/11.2.0/alifpre/network/admin>vi sqlnet.ora
tcp.validnode_checking=yes
#允許訪問的ip
tcp.invited_nodes =(10.250.7.241,10.250.7.225)
#不允許訪問的ip
#tcp.excluded_nodes=(ip1,ip2,…x…)
在rac1 端訪問��,顯示TNS-12547: TNS:lost contact
oracle@rac1:/opt/rac/oracle/11.2.0/dbs/network/admin>tnsping yangdb
TNS Ping Utility for Linux: Version 11.2.0.1.0 - Production on 27-SEP-2011 21:50:35
Copyright (c) 1997, 2009, Oracle. All rights reserved.
Used parameter files:
Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = 10.250.7.241)(PORT = 1521)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = yangdb)))
TNS-12547: TNS:lost contact
oracle@rac1:/opt/rac/oracle/11.2.0/dbs/network/admin>tnsping yangdb
TNS Ping Utility for Linux: Version 11.2.0.1.0 - Production on 27-SEP-2011 21:53:58
Copyright (c) 1997, 2009, Oracle. All rights reserved.
Used parameter files:
Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = 10.250.7.241)(PORT = 1521)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = yangdb)))
TNS-12547: TNS:lost contact
oracle@rac1:/opt/rac/oracle/11.2.0/dbs/network/admin>tnsping yangdb
TNS Ping Utility for Linux: Version 11.2.0.1.0 - Production on 27-SEP-2011 21:54:49
Copyright (c) 1997, 2009, Oracle. All rights reserved.
Used parameter files:
Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = 10.250.7.241)(PORT = 1521)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = yangdb)))
TNS-12537: TNS:connection closed~
在 rac3 上進行reload 命令:
oracle@rac3:/opt/oracle/11.2.0/alifpre/network/admin>lsnrctl reload
LSNRCTL for Linux: Version 11.2.0.1.0 - Production on 27-SEP-2011 21:55:05
Copyright (c) 1991, 2009, Oracle. All rights reserved.
Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
The command completed successfully
再次訪問yangdb���,則可以訪問
在yangdb 上創(chuàng)建表
YANG@yangdb-rac3> create table yang1 as select * from dba_objects ;
Table created.
oracle@rac1:/opt/rac/oracle/11.2.0/dbs/network/admin>tnsping yangdb
TNS Ping Utility for Linux: Version 11.2.0.1.0 - Production on 27-SEP-2011 21:55:10
Copyright (c) 1997, 2009, Oracle. All rights reserved.
Used parameter files:
Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = 10.250.7.241)(PORT = 1521)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = yangdb)))
OK (10 msec)
oracle@rac1:/opt/rac/oracle/11.2.0/dbs/network/admin>sqlplus yang/yang@yangdb
SQL*Plus: Release 11.2.0.1.0 Production on Tue Sep 27 21:55:17 2011
Copyright (c) 1982, 2009, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
yang@YANGDB> select count(*) from yang1
COUNT(*)
----------
72508
yang@YANGDB> exit
場景二:修改rac3 上的sqlnet.ora 文件���,進行reload操作,rac1 訪問rac3的yangdb受限制
oracle@rac3:/opt/oracle/11.2.0/alifpre/network/admin>vi sqlnet.ora
tcp.validnode_checking=yes
#允許訪問的ip
#tcp.invited_nodes =(10.250.7.241,10.250.7.225)
tcp.invited_nodes =(10.250.7.241)
#不允許訪問的ip
#tcp.excluded_nodes=(ip1,ip2,…x…)
oracle@rac1:/opt/rac/oracle/11.2.0/dbs/network/admin>tnsping yangdb
TNS Ping Utility for Linux: Version 11.2.0.1.0 - Production on 27-SEP-2011 21:57:20
Copyright (c) 1997, 2009, Oracle. All rights reserved.
Used parameter files:
Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = 10.250.7.241)(PORT = 1521)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = yangdb)))
TNS-12537: TNS:connection closed
oracle@rac1:/opt/rac/oracle/11.2.0/dbs/network/admin>tnsping yangdb
TNS Ping Utility for Linux: Version 11.2.0.1.0 - Production on 27-SEP-2011 21:58:11
Copyright (c) 1997, 2009, Oracle. All rights reserved.
Used parameter files:
Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = 10.250.7.241)(PORT = 1521)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = yangdb)))
TNS-12547: TNS:lost contact
場景三 在sqlnet.ora 中同時設置 tcp.invited_nodes�,tcp.excluded_nodes 以tcp.invited_nodes 為準!
oracle@rac3:/opt/oracle/11.2.0/alifpre/network/admin>vi sqlnet.ora
tcp.validnode_checking=yes
#允許訪問的ip
tcp.invited_nodes =(10.250.7.241,10.250.7.225)
#tcp.invited_nodes =(10.250.7.241)
#不允許訪問的ip
tcp.excluded_nodes=(10.250.7.225) "sqlnet.ora" 7L, 186C 已寫入
oracle@rac3:/opt/oracle/11.2.0/alifpre/network/admin>
oracle@rac3:/opt/oracle/11.2.0/alifpre/network/admin>lsnrctl reload
LSNRCTL for Linux: Version 11.2.0.1.0 - Production on 27-SEP-2011 21:58:19
Copyright (c) 1991, 2009, Oracle. All rights reserved.
Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
The command completed successfully
oracle@rac3:/opt/oracle/11.2.0/alifpre/network/admin> oracle@rac1:/opt/rac/oracle/11.2.0/dbs/network/admin>tnsping yangdb
TNS Ping Utility for Linux: Version 11.2.0.1.0 - Production on 27-SEP-2011 21:58:25
Copyright (c) 1997, 2009, Oracle. All rights reserved.
Used parameter files:
Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = 10.250.7.241)(PORT = 1521)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = yangdb)))
OK (0 msec)
關于oracle sqlnet.ora的訪問控制策略是什么問題的解答就分享到這里了�����,希望以上內(nèi)容可以對大家有一定的幫助����,如果你還有很多疑惑沒有解開,可以關注創(chuàng)新互聯(lián)行業(yè)資訊頻道了解更多相關知識����。
本文題目:oraclesqlnet.ora的訪問控制策略是什么
文章分享:
http://weahome.cn/article/gisecc.html
重慶分公司
重慶分公司
