Restricting Network Connections to the Listener

Oracle November 23rd, 2006

Unauthorized connections can be restricted by setting a few simple parameters in sqlnet.ora.

TCP.VALIDNODE_CHECKING = yes
TCP.INVITED_NODES = (client1,client2,client3,dbnode)

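tcp.validnode_checking enables checking of node authorization.
tcp.invited_nodes lists the authorized nodes; it must include the node on which the database runs. sqlnet.ora has four related parameters in total: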

tcp.validnode_checking
tcp.invited_nodes
tcp.excluded_nodes
Unauthorized nodes that should be excluded
tcp.nodelay
Changes how TCP/IP packets are sent by disabling the Nagle algorithm.
See RFC 896 for details: http://www.faqs.org/rfcs/rfc896.html
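
As an added example (not part of the original post), the following Python sketch audits a sqlnet.ora file for the settings described above. The function names `parse_sqlnet` and `audit_valid_nodes` and both sample files are constructed for illustration; the database node is matched by the literal name written in the file, and the precedence warning relies on Oracle's documented behaviour that the invited list overrides the excluded list when both are present.

```python
def parse_sqlnet(text):
    """Return {lowercased parameter: [values]} from sqlnet.ora text."""
    params, pending = {}, ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        pending += line
        if pending.count("(") > pending.count(")"):
            continue                             # list continues on the next line
        key, sep, value = pending.partition("=")
        pending = ""
        if sep:
            items = value.strip().strip("()").split(",")
            params[key.strip().lower()] = [i.strip() for i in items if i.strip()]
    return params

def audit_valid_nodes(text, db_node):
    """Return a list of findings; an empty list means every check passed."""
    p = parse_sqlnet(text)
    findings = []
    checking = (p.get("tcp.validnode_checking") or ["no"])[0].lower()
    invited = [n.lower() for n in p.get("tcp.invited_nodes", [])]
    if checking != "yes":
        findings.append("tcp.validnode_checking is not yes: node lists are not enforced")
    if not invited:
        findings.append("tcp.invited_nodes is missing or empty")
    elif db_node.lower() not in invited:
        findings.append(f"tcp.invited_nodes does not include the database node {db_node}")
    if invited and p.get("tcp.excluded_nodes"):
        findings.append("tcp.excluded_nodes is set too; tcp.invited_nodes takes precedence")
    return findings

# Constructed sample files (hypothetical host names)
GOOD = """
# list split across two lines
TCP.VALIDNODE_CHECKING = yes
TCP.INVITED_NODES = (client1,client2,
   client3,dbnode)
"""
BAD = """
TCP.VALIDNODE_CHECKING = no
TCP.INVITED_NODES = (client1, client2)
TCP.EXCLUDED_NODES = (client9)
"""

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_valid_nodes(cfg, "dbnode") or "OK")
```
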

The full list of sqlnet.ora parameters follows:

bequeath_detach
disable_oob
log_directory_client
log_directory_server
log_file_client
log_file_server
names.connect_timeout
names.dce.prefix
names.default_domain
names.directory_path
names.initial_retry_timeout
names.max_open_connections
names.message_pool_start_size
names.nis.meta_map
names.preferred_servers
names.request_retries
namesctl.echo
namesctl.internal_encrypt_password
namesctl.internal_use
namesctl.no_initial_server
namesctl.noconfirm
namesctl.server_password
namesctl.trace_directory
namesctl.trace_file
namesctl.trace_level
namesctl.trace_unique
sqlnet.authentication_gssapi_service
sqlnet.authentication_kerberos5_service
sqlnet.authentication_services
sqlnet.client_registration
sqlnet.crypto_checksum_client
sqlnet.crypto_checksum_server
sqlnet.crypto_checksum_type_client
sqlnet.crypto_checksum_type_server
sqlnet.crypto_seed
sqlnet.encryption_client
sqlnet.encryption_server
sqlnet.encryption_types_client
sqlnet.encryption_types_server
sqlnet.expire_time
sqlnet.kerberos5_cc_name
sqlnet.kerberos5_clockskew
sqlnet.kerberos5_conf
sqlnet.kerberos5_keytab
sqlnet.kerberos5_realms
sqlnet.radius_alternate
sqlnet.radius_alternate_port
sqlnet.radius_alternate_retries
sqlnet.radius_authentication
sqlnet.radius_authentication_interface
sqlnet.radius_authentication_port
sqlnet.radius_authentication_retries
sqlnet.radius_authentication_timeout
sqlnet.radius_challenge_response
sqlnet.radius_secret
sqlnet.radius_send_accounting
ssl_cipher_suites
ssl_client_authentication
ssl_server_dn_match
ssl_version
tcp.excluded_nodes
tcp.invited_nodes
tcp.nodelay
tcp.validnode_checking
tnsping.trace_directory
tnsping.trace_level
trace_directory_client
trace_directory_server
trace_file_client
trace_file_server
trace_filelen_client
trace_filelen_server
trace_fileno_client
trace_fileno_server
trace_level_client
trace_level_server
trace_timestamp_client
trace_timestamp_server
trace_unique_client
use_cman
use_dedicated_server
WALLET_LOCATION
