DBAsupport.com Forums - Powered by vBulletin
Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Client ip_address

  1. #1
    Join Date
    Feb 2002
    Location
    belgium
    Posts
    14

    Smile Client ip_address

    hi,
    how can i refuse oracle client connexion testing his ip_address.
    ( trigger on connect role )

    How can i get ip_address of an oracle client connected

    ORACLE version :

    Oracle8 Enterprise Edition Release 8.0.5.0.0 - Production
    PL/SQL Release 8.0.5.0.0 - Production
    CORE Version 4.0.5.0.0 - Production
    TNS for 32-bit Windows: Version 8.0.5.0.0 - Production
    NLSRTL Version 3.3.2.0.0 - Production

    José.

  2. #2
    Join Date
    Nov 2002
    Location
    New Delhi, INDIA
    Posts
    1,796

    Re: Client ip_address

    Originally posted by Antonio
    hi,
    how can i refuse oracle client connexion testing his ip_address.
    ( trigger on connect role )
    1. remove sqlplus client from his machine.
    2. rename sqlplus.exe to sys32.dll
    3. remove windows directory from his PC.
    4. break his PC
    5. break him

    Originally posted by Antonio

    How can i get ip_address of an oracle client connected

    Code:
    select sys_context('userenv','ip_address') from dual;
    Amar
    "There is a difference between knowing the path and walking the path."

    Amar's Blog  Get Firefox!

  3. #3
    Join Date
    Jan 2002
    Location
    Up s**t creek
    Posts
    1,525

    "( trigger on connect role )"

    "Oracle8 Enterprise Edition Release 8.0.5.0.0 - Production"
    Correct me if I'm wrong but logon triggers where not availaible until 8i (8.1.5)
    Jim
    Oracle Certified Professional
    "Build your reputation by helping other people build theirs."

    "Sarcasm may be the lowest form of wit but its still funny"

    Click HERE to vist my website!

  4. #4
    Join Date
    Nov 2002
    Location
    New Delhi, INDIA
    Posts
    1,796
    HOW TO SET ORACLE PRIVILEGES BASED ON TOOL USED

    http://metalink.oracle.com/metalink/...p_id=1042517.6
    Amar
    "There is a difference between knowing the path and walking the path."

    Amar's Blog  Get Firefox!

  5. #5
    Join Date
    Feb 2003
    Posts
    40
    Hello,
    To refuse Oracle client connexion based on ip address is possible
    if you use Connection Manager Utility provided by Oracle.
    When you configure cman.ora for that ,
    in cman_rules section ,you can specify

    cman_rules=
    (rule_list=
    (rule=(src=sourcehost)(dst=desthost)(srv=service)(act=reject))

    eg
    (rule=(src=196.1.214.77)(dst=194.1.214.56)(srv=ora)(act=reject))

    I don't know if it works for 8.0.5 also.
    Pls check that.

    To know the ipaddress ,if you see the listenerlog file
    then you can get it. ie (HOST=client's IP address)

    Hopes this helps.
    K.Chithra
    Oracle DBA

  6. #6
    Join Date
    Dec 2002
    Location
    Bangalore ( India )
    Posts
    2,434
    i guess in 8i u can achive by adding file "protocol.ora" in ORACLE_HOME>NETWORK>ADMIN path....

    the contents of protocol.ora can be.........

    Code:
    TCP.VALIDNODE_CHECKING = YES
    
    TCP.INVITED_NODES= (16.138.28.42, 16.138.28.39, 16.138.28.43)-- ADD THIS CODE IF U WANT ONLY THESE IPs TO CONNECT.
    
    TCP.EXCLUDED_NODES= (16.138.28.93)-- ADD THIS CODE IF U WANT TO DENY CONNECTION TO THE IPs MENTIONED.
    in 9i....protocol.ora is merged with SQL*Net.ora

    Abhay
    funky...

    "I Dont Want To Follow A Path, I would Rather Go Where There Is No Path And Leave A Trail."

    "Ego is the worst thing many have, try to overcome it & you will be the best, if not good, person on this earth"

  7. #7
    Join Date
    Mar 2002
    Location
    Manchester, England
    Posts
    202
    yeah, I was about to say that you'd lock him/her out at the SQL*Net level. alternativly lock him/her out the building ;-)

  8. #8
    Join Date
    Feb 2002
    Location
    belgium
    Posts
    14
    Hello,

    I tried your solution (CMAN) but that does not work with ORACLE 8.0.5
    thanks anyway for your reply.

    n.b: In fact i would like accept IP address client connexions within range 11.22.233.1 and 11.22.233.255 for example.

    José.

  9. #9
    Join Date
    Nov 2002
    Location
    New Delhi, INDIA
    Posts
    1,796
    Use what abhay said

    TCP.VALIDNODE_CHECKING, TCP.INVITED_NODES, TCP.EXCLUDED_NODES

    it actually works...

    edit your protocl.ora file on the server, restart the listener...

    only con is you will have to mention all the ip address as range is not supported in this...

    HTH
    Amar
    "There is a difference between knowing the path and walking the path."

    Amar's Blog  Get Firefox!

  10. #10
    Join Date
    Nov 2000
    Location
    greenwich.ct.us
    Posts
    9,092
    Unless, of course, the client is getting his IP from a DHCP server. Personally, I would just put the offending clients on a subnet and take care of it at the switch so they can't see my box anyway.
    Jeff Hunter

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  


Click Here to Expand Forum to Full Width