2025-01-31 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
This article explains how to limit specific IP access in an Oracle database and answers several related database security questions.
[Q] how to limit specific IP access in an Oracle database
[a] You can use logon triggers or cmgw, or add a protocol.ora file under $ORACLE_HOME/network/admin (on some operating systems the file may be .protocol.ora); in 9i you can modify sqlnet.ora directly.
Add the following:
tcp.validnode_checking=yes
# IPs that are allowed to access
tcp.invited_nodes=(ip1,ip2,…)
# IPs that are not allowed to access
tcp.excluded_nodes=(ip1,ip2,…)
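The answer also mentions logon triggers as an option. The following PL/SQL is an added example, not code from the original article: it restricts selected accounts to an allow-list of client addresses. The table name `allowed_clients` and trigger name `trg_restrict_ip` are hypothetical, and the owner is assumed to hold the ADMINISTER DATABASE TRIGGER privilege.

```sql
-- Added example (not from the original article); object names are hypothetical.
-- One row per (account, client IP) pair that may connect.
CREATE TABLE allowed_clients (
  username   VARCHAR2(30) NOT NULL,
  ip_address VARCHAR2(15) NOT NULL,
  CONSTRAINT allowed_clients_pk PRIMARY KEY (username, ip_address)
);

CREATE OR REPLACE TRIGGER trg_restrict_ip
AFTER LOGON ON DATABASE
DECLARE
  v_ip   VARCHAR2(64) := SYS_CONTEXT('USERENV', 'IP_ADDRESS');
  v_user VARCHAR2(30) := SYS_CONTEXT('USERENV', 'SESSION_USER');
  v_hits PLS_INTEGER;
BEGIN
  -- Local (non-TCP) sessions report no client IP; they are not checked here.
  IF v_ip IS NULL THEN
    RETURN;
  END IF;

  -- Accounts without any row in the table are not restricted,
  -- so an empty table cannot lock everybody out.
  SELECT COUNT(*) INTO v_hits
  FROM   allowed_clients
  WHERE  username = v_user;
  IF v_hits = 0 THEN
    RETURN;
  END IF;

  -- Restricted account: the client address must be on its list.
  SELECT COUNT(*) INTO v_hits
  FROM   allowed_clients
  WHERE  username = v_user
  AND    ip_address = v_ip;
  IF v_hits = 0 THEN
    RAISE_APPLICATION_ERROR(-20001,
      'Connection from ' || v_ip || ' is not permitted for ' || v_user);
  END IF;
END;
/
```

A logon trigger does not stop accounts that hold ADMINISTER DATABASE TRIGGER (DBAs, for example), and it only runs after the listener has accepted the connection, so valid node checking remains the network-level control.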
[Q] how to connect to the database through the firewall
[a] This problem only occurs on the Windows platform; on UNIX platforms it is resolved automatically.
Solution:
The SQLNET.ORA on the server side should look similar to the following:
SQLNET.AUTHENTICATION_SERVICES= (NTS)
NAMES.DIRECTORY_PATH= (TNSNAMES, ONAMES, HOSTNAME)
TRACE_LEVEL_CLIENT = 16
In the registry, under HOME0 in [HKEY_LOCAL_MACHINE], add:
USE_SHARED_SOCKET=TRUE
[Q] how to use hostname to connect to the database
[a] Host name mode only supports small LANs that use the TCP/IP protocol.
Modify the following information in listener.ora (GLOBAL_DBNAME is your machine name, ORACLE_HOME is the Oracle home, and SID_NAME is the SID name):
(SID_DESC =
  (GLOBAL_DBNAME = ur_hostname)
  (ORACLE_HOME = E:\oracle\ora92)
  (SID_NAME = orcl)
)
Then, in the client's sqlnet.ora, make sure that the following is present:
NAMES.DIRECTORY_PATH= (HOSTNAME)
You can then access the database using the name of the database server.
[Q] what security risks can dbms_repcat_admin bring?
[a] Execute permission on the package may be obtained in the following circumstances:
1. It is granted under sys:
grant execute on dbms_repcat_admin to public;  -- or: to user_name
2. The user has the execute any procedure privilege (only in versions below 9i; in 9i the permission must be granted explicitly).
If the user executes the following statement:
exec sys.dbms_repcat_admin.grant_admin_any_schema('user_name')
the user will be given extensive system privileges.
More information can be obtained from user_sys_privs.
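To check a database for the two exposure paths described above, the following audit queries can be used. They are an added example, not from the original article; the exclusion list in query 4 is an assumption to adjust per site.

```sql
-- Added example (not from the original article). Run as a DBA.

-- 1. Who holds EXECUTE on the package directly (PUBLIC, a user or a role)
SELECT grantee, grantor, grantable
FROM   dba_tab_privs
WHERE  owner = 'SYS'
AND    table_name = 'DBMS_REPCAT_ADMIN'
AND    privilege = 'EXECUTE';

-- 2. Who holds EXECUTE ANY PROCEDURE (the second path the article lists)
SELECT grantee, admin_option
FROM   dba_sys_privs
WHERE  privilege = 'EXECUTE ANY PROCEDURE';

-- 3. Who inherits either of the above through a role
SELECT rp.grantee, rp.granted_role
FROM   dba_role_privs rp
WHERE  rp.granted_role IN (
         SELECT grantee FROM dba_tab_privs
         WHERE  owner = 'SYS' AND table_name = 'DBMS_REPCAT_ADMIN'
         UNION
         SELECT grantee FROM dba_sys_privs
         WHERE  privilege = 'EXECUTE ANY PROCEDURE');

-- 4. Accounts carrying many "ANY" system privileges, which is the kind of
--    broad grant the article attributes to grant_admin_any_schema
--    (exclusion list is an assumption)
SELECT grantee, COUNT(*) AS any_privs
FROM   dba_sys_privs
WHERE  privilege LIKE '% ANY %'
AND    grantee NOT IN ('SYS', 'SYSTEM', 'DBA')
GROUP  BY grantee
ORDER  BY any_privs DESC;

-- Remediation, to be run only when query 1 lists PUBLIC
REVOKE EXECUTE ON sys.dbms_repcat_admin FROM PUBLIC;
```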
[Q] when you don't know a user's password, how can you switch to that user to perform an operation without affecting the user?
[a] We can safely use the account in the following way and then switch back, which is useful in some situations.
ALTER USER or DBA privileges are required:
SQL> select password from dba_users where username='SCOTT';
PASSWORD
------------------------------
F894844C34402B67
SQL> alter user scott identified by lion;
User altered.
SQL> connect scott/lion
Connected.
REM Do whatever you like...
SQL> connect system/manager
Connected.
SQL> alter user scott identified by values 'F894844C34402B67';
User altered.
SQL> connect scott/tiger
Connected.
[Q] how to strengthen your database
[a] Pay attention to the following aspects:
1. Change the passwords of sys and system.
2. Lock, modify or delete default users: dbsnmp, ctxsys, etc.
3. Change REMOTE_OS_AUTHENT to False to prevent remote machines from logging in directly.
4. Change O7_DICTIONARY_ACCESSIBILITY to False.
5. Remove some permissions from the PUBLIC role.
6. Check the security of the database's data files. Do not set their permissions to 666 or similar. Check for other DBA users.
7. Turn off unneeded services (such as ftp, nfs, etc.).
8. Limit the number of users on the database host.
9. Check the security alerts on Metalink/OTN regularly. For example: http://otn.oracle.com/deploy/security/alerts.htm
10. Put your database and application in a separate subnet; otherwise user passwords can easily be captured by a sniffer. Alternatively, use Advanced Security to encrypt user logins.
11. Allow only certain IPs to access your database.
12. Add a password to lsnrctl, or it will be easy for others to shut down your listener from outside.
13. If possible, do not use the default port 1521.
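Several of the items above can be verified from the data dictionary. The queries below are an added example, not from the original article; the account names come from the article, while the package list for item 5 is this example's assumption.

```sql
-- Added example (not from the original article). Run as a DBA in SQL*Plus.
-- Every row returned is a finding to review.

-- Items 3 and 4: parameters that should be FALSE
SELECT name, value
FROM   v$parameter
WHERE  LOWER(name) IN ('remote_os_authent', 'o7_dictionary_accessibility')
AND    UPPER(value) <> 'FALSE';

-- Item 2: default accounts that are still open
SELECT username, account_status
FROM   dba_users
WHERE  username IN ('DBSNMP', 'CTXSYS', 'MDSYS', 'OUTLN', 'SCOTT', 'WMSYS', 'XDB')
AND    account_status = 'OPEN';

-- Item 5: EXECUTE granted to PUBLIC on network and file packages
-- (the package list is an assumption; the article does not name any)
SELECT table_name
FROM   dba_tab_privs
WHERE  grantee = 'PUBLIC'
AND    owner = 'SYS'
AND    privilege = 'EXECUTE'
AND    table_name IN ('UTL_FILE', 'UTL_TCP', 'UTL_SMTP', 'UTL_HTTP');

-- Item 6: accounts other than SYS and SYSTEM that hold the DBA role
SELECT grantee, admin_option
FROM   dba_role_privs
WHERE  granted_role = 'DBA'
AND    grantee NOT IN ('SYS', 'SYSTEM');
```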
[Q] how to check whether the user uses the default password
[a] Default passwords are likely to create security risks for your database. You can use the following query to find out which users still have a default password:
select username "User(s) with Default Password!"
from dba_users
where password in
('E066D214D5421CCC', -- dbsnmp
'24ABAB8B06281B4C', -- ctxsys
'72979A94BAD2AF80', -- mdsys
'C252E8FA117AF049', -- odm
'A7A32CD03D3CE8D5', -- odm_mtr
'88A2B2C183431F00', -- ordplugins
'7EFA02EC7EA6B86F', -- ordsys
'4A3BA55E08595C81', -- outln
'F894844C34402B67', -- scott
'3F9FBD883D787341', -- wk_proxy
'79DF7A1BD138CF11', -- wk_sys
'7C9BA362F8314299', -- wmsys
'88D8364765FCE6AF', -- xdb
'F9DA8977092B7B81', -- tracesvr
'9300C0977D7DC75E', -- oas_public
'A97282CE3D94E29E', -- websys
'AC9700FD3F1410EB', -- lbacsys
'E7B5D92911C831E1', -- rman
'AC98877DE1297365', -- perfstat
'66F4EF5650C20355', -- exfsys
'84B8CBCA4D477FA3', -- si_informtn_schema
'D4C5016086B2DC6A', -- sys
'D4DF7931AB130E37') -- system
/