restriction from oracle
DBAsupport.com Forums - Powered by vBulletin
Results 1 to 8 of 8

Thread: restriction from oracle

  1. #1
    Join Date
    Sep 2001
    Location
    chennai
    Posts
    69

    restriction from oracle

    hello
    can some one help me on this

    i have an oracle database which is accessed by a java application from a remote machine. From the java application iam giving the ip address of the server machine where oracle is running.the server also receives the ip address of the machine from where the call is made.

    now my question is, can i restrict from oracle that only, request from a specific ip address should be allowed to access the database and the rest should not. if so how.

    thanks in advance

    rswamin

  2. #2
    Join Date
    Feb 2000
    Location
    Singapore
    Posts
    1,758
    'Oracle Connection Manager' which is a middle tier product that allows you to restrict or permitt certain IP addresses.
    Sanjay G.
    Oracle Certified Professional 8i, 9i.

    "The degree of normality in a database is inversely proportional to that of its DBA"

  3. #3
    Join Date
    Dec 2000
    Location
    Ljubljana, Slovenia
    Posts
    4,439
    Or even more simple, without installing any additional components:

    Create a file "protocol.ora" (if it's not allready there) in your Oracle network admin directory on the database server and add the following entry in it:

    TCP.INVITED_NODES= (X.Y.Z.W)

    where "X.Y.Z.W" is the IP address or host name of your application-running machine. And don't forget to restart the listener after that. That way only that machine nwill be able to connect to your database server using TCP/IP protocol, all the connections from other addresses will be refused by the listener.
    Jurij Modic
    ASCII a stupid question, get a stupid ANSI
    24 hours in a day .... 24 beer in a case .... coincidence?

  4. #4
    Join Date
    Dec 2002
    Location
    Bangalore ( India )
    Posts
    2,434
    Create a file "protocol.ora" (if it's not allready there) in your Oracle network admin directory on the database server and add the following entry in it:

    TCP.INVITED_NODES= (X.Y.Z.W)

    where "X.Y.Z.W" is the IP address or host name of your application-running machine. all the connections from other addresses will be refused by the listener.

    jmodic :

    As per ur post i followed watever u said, but Server is allowing to connect to DB for all IP adress which are not in Protocol.ora

    Attached are the docs , please find it for details...

    correct me in case i am wrong

    Abhay
    Attached Files Attached Files
    funky...

    "I Dont Want To Follow A Path, I would Rather Go Where There Is No Path And Leave A Trail."

    "Ego is the worst thing many have, try to overcome it & you will be the best, if not good, person on this earth"

  5. #5
    Join Date
    Dec 2000
    Location
    Ljubljana, Slovenia
    Posts
    4,439
    Starting from 9i, this (and some other parameters) have been moved from PROTOCOL.ORA into SQLNET.ORA. Check http://download-west.oracle.com/docs...new.htm#968699

    Move this parameter into sqlnet.ora, restart the listener and see if it works then. Or even better, don't configure this manually, use Oracle Net Manager instead. Click on Local -> Profile, then select General -> Acess Rights nad see if the IP that you had in your protocol.ora is shown there. If it is it means that Net Manager has allread merged this parameter from protocol.ora into sqlnet.ora. If it is not ther, enter it manualy in the "Client alloved to access" list. Then save network configuration and restart the listener.
    Last edited by jmodic; 01-17-2003 at 07:30 AM.
    Jurij Modic
    ASCII a stupid question, get a stupid ANSI
    24 hours in a day .... 24 beer in a case .... coincidence?

  6. #6
    Join Date
    Dec 2002
    Location
    Bangalore ( India )
    Posts
    2,434
    Jmodic:

    If i make changes in SQL*NET then listener is not able to start...its throwing an error.

    Code:
    LSNRCTL> start
    Starting tnslsnr: please wait...
    
    TNSLSNR for 32-bit Windows: Version 9.0.1.1.1 - Production
    System parameter file is C:\Oracle\Ora9i\network\admin\listener.ora
    Log messages written to C:\Oracle\Ora9i\network\log\listener.log
    Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=dpa31w014.digitalindiasw
    .net)(PORT=1521)))
    Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(PIPENAME=\\.\pipe\EXTPROC1ipc
    )))
    
    Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=dpa31w014)(PORT=1521)))
    TNS-12547: TNS:lost contact
     TNS-12560: TNS: protocol adapter error
      TNS-00517: Lost contact
       32-bit Windows Error: 54: Unknown error
    Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1)))
    TNS-01153: Failed to process string:
     NL-00313: null pointer or null size
    LSNRCTL>
    funky...

    "I Dont Want To Follow A Path, I would Rather Go Where There Is No Path And Leave A Trail."

    "Ego is the worst thing many have, try to overcome it & you will be the best, if not good, person on this earth"

  7. #7
    Join Date
    Dec 2000
    Location
    Ljubljana, Slovenia
    Posts
    4,439
    Have you tried to set this by using Oracle Net Manager? I know it works in 9i too, I've just tried it.
    Jurij Modic
    ASCII a stupid question, get a stupid ANSI
    24 hours in a day .... 24 beer in a case .... coincidence?

  8. #8
    Join Date
    Dec 2002
    Location
    Bangalore ( India )
    Posts
    2,434
    Jmodic :

    yes i did try with oracle net manager.....

    I added the application servers IP, but forgot to add the host IP where the Oracle Server resides...hence it was giveing me problem in starting listener....

    When i added the host IP with it ...... yes i was able to start listener on the server wher oracle resides an also yes i was able to restrict the connections from other IPs....

    Thanks.
    Abhay.
    funky...

    "I Dont Want To Follow A Path, I would Rather Go Where There Is No Path And Leave A Trail."

    "Ego is the worst thing many have, try to overcome it & you will be the best, if not good, person on this earth"

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width