Restricting particular IP addresses from Oracle databases

Have you ever wanted to control whether or not particular IP addresses can connect to your Oracle database? Here's how.

First, you have to create a file named protocol.ora as follows.

tcp.invited_nodes=(XXX.XY1.XY2.Y, XXX.XY2.XY3.Z) 
tcp.validnode_checking=yes 

Let's say you want to allow connections to the database only from the IP addresses 192.168.11.20 and 192.168.10.12. You simply configure the protocol.ora file as follows:

tcp.invited_nodes=(192.168.11.20, 192.168.10.12) 
tcp.validnode_checking=yes 

This file goes in the same directory as sqlnet.ora and tnsnames.ora. You'll need to stop and restart the listener for the change to take effect.

Similarly, to exclude certain IP addresses, set the tcp.excluded_nodes parameter in the protocol.ora file in the same way as shown above.
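As an added example (not part of the original tip), the Python sketch below parses protocol.ora text, flags settings that would leave the restriction ineffective, and models the allow/deny decision for a client address. The function names and sample text are constructed for illustration, and it assumes the invited list takes precedence when both lists are set, as Oracle's Net Services documentation describes; confirm this for your version.

```python
import ipaddress
import re

# Constructed sample: checking left off and one template placeholder not replaced.
SAMPLE = """\
tcp.invited_nodes=(192.168.11.20, 192.168.10.12, XXX.XY1.XY2.Y)
tcp.validnode_checking=no
"""

def parse_protocol_ora(text):
    """Return the valid-node settings found in protocol.ora text."""
    def nodes(name):
        m = re.search(rf"^\s*tcp\.{name}\s*=\s*\(([^)]*)\)", text, re.I | re.M)
        return [n.strip() for n in m.group(1).split(",") if n.strip()] if m else []
    m = re.search(r"^\s*tcp\.validnode_checking\s*=\s*(\w+)", text, re.I | re.M)
    return {
        "checking": bool(m) and m.group(1).lower() == "yes",
        "invited": nodes("invited_nodes"),
        "excluded": nodes("excluded_nodes"),
    }

def is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def audit(cfg):
    """List settings that would leave the restriction ineffective."""
    findings = []
    if not cfg["checking"] and (cfg["invited"] or cfg["excluded"]):
        findings.append("node lists set but tcp.validnode_checking is not yes")
    if cfg["invited"] and cfg["excluded"]:
        findings.append("both lists set; invited list is assumed to win")
    for node in cfg["invited"] + cfg["excluded"]:
        if not is_ip(node):
            findings.append(f"not an IP literal (hostname or placeholder): {node}")
    return findings

def is_allowed(cfg, client_ip):
    """Model the listener's decision for one client address (assumed precedence)."""
    if not cfg["checking"]:
        return True  # checking disabled: the node lists are not enforced
    if cfg["invited"]:
        return client_ip in cfg["invited"]
    return client_ip not in cfg["excluded"]

if __name__ == "__main__":
    print(audit(parse_protocol_ora(SAMPLE)))
```

Run it against a copy of the file before restarting the listener, so a forgotten placeholder or a disabled tcp.validnode_checking line is caught before you rely on the restriction.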

Note: There are certain bugs in this method, so be sure to check with Oracle support or Metalink for your specific platform and version. For example, on Windows NT and Oracle version 8.1.x, you have to create a net8/admin directory and put the protocol.ora file in it rather than the network/admin directory. On Unix and Oracle version 8.1.x, you have to rename protocol.ora to .protocol.ora in the network/admin directory.

This was first published in September 2001
