Oracle database network and security operations FAQ

2025-04-02 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

Many newcomers are unclear about the common Oracle database network and security operations. To help with that, this FAQ explains them in detail for anyone who needs to learn them.

[Q] How to restrict access to a database to specific IPs

[A] You can use a login trigger or cmgw, or add a protocol.ora file under $ORACLE_HOME/network/admin (on some operating systems the file may be .protocol.ora). In 9i you can modify sqlnet.ora directly.

Add the following:

tcp.validnode_checking=yes
# IPs allowed to access (if both lists are present, tcp.invited_nodes takes precedence)
tcp.invited_nodes=(ip1,ip2,...)
# IPs not allowed to access
tcp.excluded_nodes=(ip1,ip2,...)

[Q] How to connect to a database through a firewall

[A] This problem occurs only on Windows platforms; UNIX platforms handle it automatically.

Solution:

SQLNET.ORA on the server side should look like this:

SQLNET.AUTHENTICATION_SERVICES= (NTS)
NAMES.DIRECTORY_PATH= (TNSNAMES, ONAMES, HOSTNAME)
TRACE_LEVEL_CLIENT = 16

In the registry, add the following under HOME0 in [HKEY_LOCAL_MACHINE]:

USE_SHARED_SOCKET=TRUE

[Q] How to connect to a database using the hostname

[A] The hostname method supports only small local area networks that use the TCP/IP protocol.

Modify the following information in listener.ora:

(SID_DESC =
  (GLOBAL_DBNAME = ur_hostname) --Your machine name
  (ORACLE_HOME = E:\oracle\ora92) --oracle home
  (SID_NAME = orcl) --sid name
)

Then, in sqlnet.ora on the client side, make sure there is:

NAMES.DIRECTORY_PATH= (HOSTNAME)

You can then access the database using the name of the database server.

[Q] What security risks can dbms_repcat_admin bring

[A] A user may obtain execute permission on this package in the following cases:

1. The following grant was made as sys:

grant execute on dbms_repcat_admin to public;   -- or to user_name

2. The user has the EXECUTE ANY PROCEDURE privilege (this applies only to versions below 9i; 9i requires an explicit grant).

If the user then executes the following statement:

exec sys.dbms_repcat_admin.grant_admin_any_schema('user_name');

the user gains extensive system privileges.

The details can be seen in user_sys_privs.
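To check whether a database is exposed in the two ways described above, the following audit queries can be run as a DBA. This is an added example, not part of the original FAQ; the threshold of 10 ANY privileges and the excluded grantee list are assumptions to adjust.

```sql
-- Case 1: direct EXECUTE grants on the package.
-- A row with grantee PUBLIC means every account can call it.
SELECT grantee, grantor, grantable
FROM   dba_tab_privs
WHERE  owner      = 'SYS'
AND    table_name = 'DBMS_REPCAT_ADMIN'
AND    privilege  = 'EXECUTE';

-- Case 2: users or roles holding EXECUTE ANY PROCEDURE.
SELECT grantee, admin_option
FROM   dba_sys_privs
WHERE  privilege = 'EXECUTE ANY PROCEDURE'
ORDER  BY grantee;

-- Accounts that hold an unusually large number of ANY privileges.
-- The threshold (10) and the exclusion list are assumptions; every
-- remaining row is a candidate for review, not proof of abuse.
SELECT grantee, COUNT(*) AS any_privilege_count
FROM   dba_sys_privs
WHERE  privilege LIKE '% ANY %'
AND    grantee NOT IN ('SYS', 'SYSTEM', 'DBA')
GROUP  BY grantee
HAVING COUNT(*) >= 10
ORDER  BY any_privilege_count DESC;

-- Remediation for case 1; run it only if the first query returned a PUBLIC row.
REVOKE EXECUTE ON sys.dbms_repcat_admin FROM PUBLIC;
```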

[Q] How to switch to another user and perform operations without knowing that user's password and without affecting the user

[A] The following method lets you work as that user safely and then switch back, which is useful at times.

It requires the ALTER USER privilege or DBA privileges:

SQL> select password from dba_users where username='SCOTT';
PASSWORD
-----------------------------
F894844C34402B67
SQL> alter user scott identified by lion;
User altered.
SQL> connect scott/lion
Connected.
REM Do whatever you like...
SQL> connect system/manager
Connected.
SQL> alter user scott identified by values 'F894844C34402B67';
User altered.
SQL> connect scott/tiger
Connected.

[Q]How to strengthen your database

[A]Note the following

1. Change the password for sys, system.

2. Lock, modify, delete default users: dbsnmp,ctxsys, etc.

3. Change REMOTE_OS_AUTHENT to False to prevent remote machines from logging in directly.

4. Change O7_DICTIONARY_ACCESSIBILITY to False.

5. Remove some permissions from PUBLIC Role.

6. Check the permissions on the database data files; do not set them to 666 or anything similar. Check for other DBA users.

7. Turn off unwanted services (ftp, nfs, etc.)

8. Limit the number of users on the database host.

9. Regularly check the security alerts on Metalink/OTN, for example: http://otn.oracle.com/deploy/security/alerts.htm

10. Keep your database and applications on a separate subnet; otherwise your user passwords are easily sniffed. Alternatively, use Advanced Security to encrypt user logins.

11. Limit access to your database to certain IPs.

12. Set a password for the listener (lsnrctl); otherwise it is easy for others to shut down your listener from the outside.

13. If possible, do not use the default port 1521

[Q] How to check whether users are using the default password

[A] Default passwords are likely to pose a security risk to your database. You can use the following query to find out which users still use them.

-- Works where dba_users.password exposes the hash (releases before 11g);
-- 11g and later provide the dba_users_with_defpwd view instead.
select username "User(s) with Default Password!"
from dba_users
where password in
('E066D214D5421CCC', -- dbsnmp
'24ABAB8B06281B4C', -- ctxsys
'72979A94BAD2AF80', -- mdsys
'C252E8FA117AF049', -- odm
'A7A32CD03D3CE8D5', -- odm_mtr
'88A2B2C183431F00', -- ordplugins
'7EFA02EC7EA6B86F', -- ordsys
'4A3BA55E08595C81', -- outln
'F894844C34402B67', -- scott
'3F9FBD883D787341', -- wk_proxy
'79DF7A1BD138CF11', -- wk_sys
'7C9BA362F8314299', -- wmsys
'88D8364765FCE6AF', -- xdb
'F9DA8977092B7B81', -- tracesvr
'9300C0977D7DC75E', -- oas_public
'A97282CE3D94E29E', -- websys
'AC9700FD3F1410EB', -- lbacsys
'E7B5D92911C831E1', -- rman
'AC98877DE1297365', -- perfstat
'66F4EF5650C20355', -- exfsys
'84B8CBCA4D477FA3', -- si_informtn_schema
'D4C5016086B2DC6A', -- sys
'D4DF7931AB130E37') -- system
/

[Q] How to modify the default XDB listening port

[A] Oracle 9i XML DB sets its default HTTP port to 8080, a very common port that many other web servers also use. If you install XML DB, it is best to change the port to avoid conflicts; if you do not use it, it is best not to install it.

There are three ways to change it:

1. dbca: select your database, then Standard Database Features->Customize->Oracle XML DB option; on that screen you will see how to change it.

2. OEM console: modify it in the XML Database configuration.

3. The package provided with Oracle:

-- Change HTTP/WEBDAV port from 8080 to 8081
SQL> call dbms_xdb.cfg_update(updateXML(dbms_xdb.cfg_get(),
'/xdbconfig/sysconfig/protocolconfig/httpconfig/http-port/text()',8081))
/
-- Change FTP port from 2100 to 2111
SQL> call dbms_xdb.cfg_update(updateXML(dbms_xdb.cfg_get(),
'/xdbconfig/sysconfig/protocolconfig/ftpconfig/ftp-port/text()',2111))
/
SQL> commit;
SQL> exec dbms_xdb.cfg_refresh;
-- Check whether the modification has been successful
SQL> select dbms_xdb.cfg_get from dual;

[Q]How to capture user login information, such as SID, IP address, etc.

[A] A login trigger can be used, for example:

CREATE OR REPLACE TRIGGER tr_login_record
AFTER logon ON DATABASE
DECLARE
  miUserSid NUMBER;
  mtSession v$session%ROWTYPE;
  CURSOR cSession(iiUserSid IN NUMBER) IS
    SELECT * FROM v$session
    WHERE sid=iiUserSid;
BEGIN
  SELECT sid INTO miUserSid FROM v$mystat WHERE rownum
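The trigger listing above is cut off on this page. The following self-contained logon trigger records the same kind of information; it is an added example, not the original author's code. The login_audit table, its columns and the trigger name tr_login_audit are assumptions, and the trigger owner is assumed to have direct access to v$mystat (for example SYS).

```sql
-- Hypothetical audit table; name and columns are assumptions for this example
CREATE TABLE login_audit (
  login_user  VARCHAR2(30),
  login_time  DATE,
  ip_address  VARCHAR2(64),
  sid         NUMBER,
  audsid      NUMBER,
  os_user     VARCHAR2(64),
  machine     VARCHAR2(64),
  terminal    VARCHAR2(64)
);

CREATE OR REPLACE TRIGGER tr_login_audit
AFTER LOGON ON DATABASE
DECLARE
  v_sid NUMBER;
BEGIN
  -- SID of the session that is logging in
  SELECT sid INTO v_sid FROM v$mystat WHERE ROWNUM = 1;

  INSERT INTO login_audit
    (login_user, login_time, ip_address, sid, audsid, os_user, machine, terminal)
  VALUES
    (ora_login_user,
     SYSDATE,
     SYS_CONTEXT('USERENV', 'IP_ADDRESS'),   -- NULL for local (non-network) logins
     v_sid,
     TO_NUMBER(SYS_CONTEXT('USERENV', 'SESSIONID')),
     SUBSTR(SYS_CONTEXT('USERENV', 'OS_USER'), 1, 64),
     SUBSTR(SYS_CONTEXT('USERENV', 'HOST'), 1, 64),
     SUBSTR(SYS_CONTEXT('USERENV', 'TERMINAL'), 1, 64));
EXCEPTION
  WHEN OTHERS THEN
    NULL;  -- an unhandled error here would block logins for ordinary users
END;
/
```

Because the handler swallows errors, a full or missing login_audit table silently stops recording, so monitor the row count or the table's free space separately.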
