I would like to know about Oracle security: Can I set a policy for a listener on the server side, so that only users from specified IP addresses can connect to my database, and all other IP addresses will be denied? I went to some sites and found that some Oracle versions may be attacked by a hacker through the listener, so did Oracle provide a solution to this problem?
In order to restrict your database connections to a specific set of IP addresses, you'll need to modify your database's SQLNET.ORA file. This file is found in $ORACLE_HOME/network/admin by default. The TCP.VALIDNODE_CHECKING parameter in this file determines if the system will check for valid nodes or not. The TCP.EXCLUDED_NODES parameter specifies which IP numbers will not be allowed access. The TCP.INCLUDED_NODES parameter specifies which IP numbers will be allowed access. You may find it easier to use the Net Assistant to configure this instead of manually modifying the file.
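As an added illustration (not part of the original answer), the Python sketch below parses a constructed sqlnet.ora and models how the node lists decide whether a client is accepted. It uses TCP.INVITED_NODES, the name under which Oracle's Net Services reference documents the allow list; the sample addresses, the function names and the exact-match comparison (no wildcard or CIDR handling) are assumptions of this example.

```python
import re

# Constructed sample sqlnet.ora; addresses and host name are placeholders.
SAMPLE = """\
# $ORACLE_HOME/network/admin/sqlnet.ora
TCP.VALIDNODE_CHECKING = YES
TCP.INVITED_NODES = (192.0.2.10, 192.0.2.11,
                     appsrv1.example.com)
TCP.EXCLUDED_NODES = (192.0.2.11, 198.51.100.7)
"""

def parse_sqlnet(text):
    """Return {PARAM: [values]}; strips # comments, accepts lists wrapped over lines."""
    body = "\n".join(line.split("#", 1)[0] for line in text.splitlines())
    params = {}
    for name, value in re.findall(r"(?im)^\s*([\w.]+)\s*=\s*(\([^)]*\)|[^\s(]+)", body):
        items = [v.strip().lower() for v in value.strip("()").split(",")]
        params[name.upper()] = [v for v in items if v]
    return params

def checking_enabled(params):
    return params.get("TCP.VALIDNODE_CHECKING", [""])[0] == "yes"

def audit(params):
    """Return human-readable findings about the valid node checking setup."""
    findings = []
    invited = params.get("TCP.INVITED_NODES", [])
    excluded = params.get("TCP.EXCLUDED_NODES", [])
    if not checking_enabled(params):
        findings.append("TCP.VALIDNODE_CHECKING is not YES: node lists are not enforced")
    elif not invited and not excluded:
        findings.append("checking is enabled but no node list is defined")
    if invited and excluded:
        findings.append("both lists are set: TCP.INVITED_NODES takes precedence")
    return findings

def is_allowed(params, client):
    """Simplified decision for a literal IP address or host name."""
    if not checking_enabled(params):
        return True
    invited = params.get("TCP.INVITED_NODES", [])
    if invited:  # the invited list wins when both lists are present
        return client.lower() in invited
    return client.lower() not in params.get("TCP.EXCLUDED_NODES", [])

if __name__ == "__main__":
    cfg = parse_sqlnet(SAMPLE)
    print(audit(cfg))
    for ip in ("192.0.2.10", "192.0.2.11", "203.0.113.5"):
        print(ip, "allowed" if is_allowed(cfg, ip) else "denied")
```

An allow list is the stricter of the two modes: with an invited list in place, any address not named on it is refused, so the excluded list adds nothing.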