Oracle network security question

[sdohn]

Is it possible, to limit the hosts, that can connect to the Oracle listener Service ?

I want to allow only Host 192.168.1.10 and 192.168.2.223
to connect to the listener Service over the network.

How can I do this ?

 

[karluk]

I have never tried to do this, but it appears to be possible. Here is an excerpt from the Oracle 9i Net Services Administrator's Guide.

Configuring Database Access Control
You can configure the sqlnet.ora file to allow access to some clients and deny access to others. Table 11-3 describes the available settings.

Table 11-3 Access Control Settings in sqlnet.ora Oracle Net Manager Field/Option sqlnet.ora File Parameter Description
Check TCP/IP client access rights
TCP.VALIDNODE_CHECKING
Use to specify whether to screen access to the database.

If this field is selected, Oracle Net Manager checks the parameters TCP.EXCLUDED_NODES and TCP.VALIDNODE_CHECKING to determine which clients to allow access to the database. If this field is deselected, Oracle Net Manager does not screen clients.

Clients excluded from access
TCP.EXCLUDED_NODES
Use to specify which clients using the TCP/IP protocol are denied access to the database.

Clients allowed to access
TCP.INVITED_NODES
Use to specify which clients using the TCP/IP protocol are allowed access to the database.


To configure database access control:

Start Oracle Net Manager.

See Also:
"Starting Oracle Net Manager" on page 5-3


In the navigator pane, expand Local > Profile.
From the list in the right pane, select General.
Click the Access Rights tab.
Select the Check TCP/IP client access rights option.
In the Clients excluded from access and Clients allowed to access fields, enter either a host name or an IP address for a client that you wish to include or exclude, using commas to delimit entries placed on the same line.