-
Problem on restricting host using sqlnet.ora in 9i
Folks,
Oracle 9i Rel 2 patch 3
OS Solaris 9
I am having a problem on restricting the access from the clients based on the host names. I have the following parameters set in my sqlnet.ora file
Code:
TCP.NODELAY=yes
TCP.VALIDNODE_CHECKING=yes
TCP.INVITED_NODES= (host1, host2,...)
After putting these entries in the sqlnet.ora, I was still able to connect to the instances from the hosts that were not listed under the invited_nodes.
Some may say to restart the listener. I did that too, but I am still able to connect to the instances from the hosts that were not listed under the invited nodes list.
Remember this is 9i, so protocol.ora is obsolete in this.
Did anyone come across this problem? If so what was your solution? Any help would greatly be appreciated.
Thanx,
Sam
Thanx
Sam
Life is a journey, not a destination!
-
mmm interesting.
Can you try setting TNS_ADMIN variable, then restart the listener.
Also, do you list host names or IP addresses?
You probably should also check out Security Alert #38.
Brgds,
Andrew Oddy
-
Multiple Listeners Enabled on different nodes?
funky...
"I Don't Want To Follow A Path, I would Rather Go Where There Is No Path And Leave A Trail."
"Ego is the worst thing many have, try to overcome it & you will be the best, if not good, person on this earth"
-
TNS_ADMIN was set in the first place. Regarding multiple listeners on different nodes, no. But multiple listeners on a single node, yes.
Any further thoughts?
Sam
Thanx
Sam
Life is a journey, not a destination!
-
O.K., here is the solution, which is quite painful. In a list of around 100 invited nodes, the nslookup for 2 nodes failed. As a result the listener would just skip the loading of the restricted node list. So this was the cause of all the problems. Comparing the node list with the loaded node list from the trace revealed the problem. The listener, instead of skipping the nodes that it cannot load, just resolves to disregard the valid node list.
Sam
Thanx
Sam
Life is a journey, not a destination!
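A pre-flight check for the failure described in the post above, as an added example that is not part of the original thread: it reads TCP.INVITED_NODES from a sqlnet.ora file and reports every entry that does not resolve, so the list can be corrected before the listener is restarted. The host names in the sample are constructed placeholders, and the script assumes it is run on the database server so that it uses the same name resolution as the listener.

```python
import re
import socket

# Constructed sample; host names are placeholders, not taken from the thread.
SAMPLE_SQLNET_ORA = """\
# server-side sqlnet.ora
TCP.NODELAY=yes
TCP.VALIDNODE_CHECKING=yes
TCP.INVITED_NODES= (apphost1, apphost2,
                    10.0.0.15, oldhost9)
"""

def invited_nodes(text):
    """Return the entries of TCP.INVITED_NODES, or [] if it is not set."""
    # Drop '#' comments, then match the parenthesised list (it may span lines).
    body = "\n".join(line.split("#", 1)[0] for line in text.splitlines())
    m = re.search(r"TCP\.INVITED_NODES\s*=\s*\(([^)]*)\)", body, re.IGNORECASE)
    if not m:
        return []
    return [n.strip() for n in m.group(1).split(",") if n.strip()]

def unresolvable(nodes, resolve=socket.gethostbyname):
    """Return the entries that fail name resolution on this machine."""
    failed = []
    for node in nodes:
        try:
            resolve(node)  # literal IP addresses pass without a lookup
        except OSError:    # socket.gaierror is a subclass of OSError
            failed.append(node)
    return failed

def check(text, resolve=socket.gethostbyname):
    """Parse the file text and return (all entries, entries that fail)."""
    nodes = invited_nodes(text)
    return nodes, unresolvable(nodes, resolve)

if __name__ == "__main__":
    import sys
    # Pass the path to sqlnet.ora; without one the constructed sample is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_SQLNET_ORA
    nodes, bad = check(text)
    print(f"{len(nodes)} invited nodes, {len(bad)} unresolvable")
    for n in bad:
        print("  cannot resolve:", n)
    sys.exit(1 if bad else 0)
```

A non-zero exit status means at least one entry failed to resolve; by the account above, that is the condition under which the listener stopped enforcing the list.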
-
Sam,
Can we allow certain hosts using sqlnet.ora in Oracle 9i?
Thanks,
sanga
-
Yes, you can restrict the access to the server using the sqlnet.ora file. As I mentioned in my first posting, set those parameters in the server-side sqlnet.ora file and then stop and start the listener. That will allow access to only those hosts listed under invited nodes.
Hope this would help you.
Sam
Thanx
Sam
Life is a journey, not a destination!
-
sqlnet.ora
Hi Sam
Thanks for the information on Oracle Security Issues.
In spite of sqlnet.ora, you can also set cman (Connection Manager).
It will also work as a firewall. Have you tried this?
Thanks
Abhishek