Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Net8 - restricting remote acces by IP Address

Re: Net8 - restricting remote acces by IP Address

From: Thomas Kyte <tkyte_at_us.oracle.com>
Date: Sun, 28 Nov 1999 18:04:44 -0500
Message-ID: <03d34s0phj1ss0g57ncj480c6h4gs9q96l@4ax.com>


A copy of this was sent to "Jeremy Ovenden" <jovenden_at_hazelweb.co.uk> (if that email address didn't require changing) On Sun, 28 Nov 1999 19:18:27 -0000, you wrote:

>
>I understand it is possible to restrict which clients have access to a
>database using IP address restrictions with Net8. Does anyone have any
>experience of this (reliability, performance implications etc.), and is it
>straightforward to configure? We are on 8.0.6 (standard edition) on Solaris
>2.6.
>
>Thanks in advance
>Jeremy Ovenden
>
>
>

This was added in 2.x of SQLNet actually. It is called validnode verification. Here is a short blurb from the network guide:

<quote>
Validnode Verification

The objective of Validnode verification is to restrict connection access of network clients to those with enabling host privilege. The access list is in the PROTOCOL.ORA file. The list is dynamic and used by the Validnode component to decide on granting access to incoming connection requests.

To activate Validnode checking, the following parameter must be entered in PROTOCOL.ORA:

protocol.validnode_checking = yes

For example, for the TCP/IP protocol, the parameter would be:

tcp.validnode_checking = yes
</quote>

See the guides for more info on setting up the protcol.ora file. No real performance implications.

--
See http://osi.oracle.com/~tkyte/ for my columns 'Digging-in to Oracle8i'... Current article is "Part I of V, Autonomous Transactions" updated June 21'st  

Thomas Kyte                   tkyte_at_us.oracle.com
Oracle Service Industries     Reston, VA   USA

Opinions are mine and do not necessarily reflect those of Oracle Corporation Received on Sun Nov 28 1999 - 17:04:44 CST

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US