Problem on restricting host using sqlnet.ora in 9i
DBAsupport.com Forums - Powered by vBulletin
Results 1 to 8 of 8

Thread: Problem on restricting host using sqlnet.ora in 9i

  1. #1
    Join Date
    Oct 2000
    Location
    Saskatoon, SK, Canada
    Posts
    3,925

    Problem on restricting host using sqlnet.ora in 9i

    Folks,

    Oracle 9i Rel 2 pach 3
    OS Solaris 9

    I am having a problem on restricting the access from the clients based on the host names. I have the following parameters set in my sqlnet.ora file
    Code:
              TCP.NODELAY=yes          
              TCP.VALIDNODE_CHECKING=yes
              TCP.INVITED_NODES= (host1, host2,...)
    After putting this entries in the sqlnet.ora, I was still being able to connect to the instances from the hosts that were not listed under the invited_nodes.

    Some may say to restart the listener. I did that too, but still being able to connect to the instances from the hosts that were not listed under the invited nodes lists.

    Rememeber this is 9i, so protocol.ora is obsolete in this.

    Did anyone come across this problem? If so what was your solution? Any help would greatly be appreciated.

    Thanx,

    Sam
    Thanx
    Sam



    Life is a journey, not a destination!


  2. #2
    Join Date
    Feb 2001
    Location
    Adelaide, Australia
    Posts
    159
    mmm interesting.

    Can you try setting TNS_ADMIN variable, then restart the listener.

    Also, do you list host names or IP addresses.

    You probably should also check out Security Alert #38.

    Brgds,

    Andrew Oddy

  3. #3
    Join Date
    Dec 2002
    Location
    Bangalore ( India )
    Posts
    2,434
    Multiple Listners Enabled on different nodes?
    funky...

    "I Dont Want To Follow A Path, I would Rather Go Where There Is No Path And Leave A Trail."

    "Ego is the worst thing many have, try to overcome it & you will be the best, if not good, person on this earth"

  4. #4
    Join Date
    Oct 2000
    Location
    Saskatoon, SK, Canada
    Posts
    3,925
    TNS_ADMIN was set in the first place. Regarding multiple listeners on different nodes no. But Multiple listeners on single node yes.

    Any further thoughts.

    Sam
    Thanx
    Sam



    Life is a journey, not a destination!


  5. #5
    Join Date
    Oct 2000
    Location
    Saskatoon, SK, Canada
    Posts
    3,925
    O.K here is the solution, which is quiet painful. In a list of around 100 invited nodes, the nslookup for 2 nodes failed. As a result the listener would just skip the loading of the restricted node list. So this was the cause of all the problems. On compaing the node list with the loaded node list from the trace revealed the problem. The listener instead of skipping the nodes that it cannot load, just resolute to diregard the valid node list.

    Sam
    Thanx
    Sam



    Life is a journey, not a destination!


  6. #6
    Join Date
    May 2001
    Posts
    31
    Sam,

    Can we allow certain hosts using sqlnet.ora in oracle 9i

    Thanks,
    sanga

  7. #7
    Join Date
    Oct 2000
    Location
    Saskatoon, SK, Canada
    Posts
    3,925
    Yes you can restrict the access to the server using the sqlnet.ora file. As I mentioned on my first posting, set those parameters on the server side sqlnet.ora file and then stop and start the listener. That will allow access to only those hosts listed under invided nodes.

    Hope this would help you.

    Sam
    Thanx
    Sam



    Life is a journey, not a destination!


  8. #8
    Join Date
    May 2000
    Location
    Delhi
    Posts
    108

    sqlnet.ora

    Hi Sam
    Thanks for information on Oracle Security Issues.
    inspite of sqlnet.ora, you can also set cman(connection manager).
    it will also work as a fierwall.have you tried this.
    thanks
    Abhishek

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  


Click Here to Expand Forum to Full Width