|
|
在Oracle里,不像MySQL那样方便,可以直接在用户上进行IP限制,Oracle要实现用户级别的IP限制,可以使用触发器来迂回实现,以下就是示例:(需要的码农可以参考下)
create or replace trigger logon_ip_control
after logon on database
declare
ip STRING(30);
user STRING(30);
begin
SELECT SYS_CONTEXT('USERENV','SESSION_USER') into user from dual;
SELECT SYS_CONTEXT('USERENV','IP_ADDRESS') into ip from dual;
if user='EPAY_USER'
THEN
IF ip not in ('192.168.219.20','192.168.219.22')
THEN raise_application_error(-20001,'User '||user||' is not allowed to connect from '||ip);
END IF;
END IF;
end;
/
该触发器对用户EPAY_USER进行了IP限制(只允许'192.168.219.20','192.168.219.22',如果需要设置IP段,用%或?代替即可,如'192.168.219.%‘)。
测试示例:
1)从非允许IP地址登陆 (192.168.219.21),连接失败
[oracle@lxdb2 ~]$ sqlplus epay_user@pri
SQL*Plus: Release 11.2.0.3.0 Production on Wed Jul 3 19:23:48 2013
Copyright (c) 1982, 2011, Oracle. All rights reserved.
Enter password:
ERROR:
ORA-00604: error occurred at recursive SQL level 1
ORA-20001: User EPAY_USER is not allowed to connect from 192.168.219.21
ORA-06512: at line 10
2)从允许IP地址登陆(192.168.219.22),连接成功
[oracle@lxdb1 ~]$ sqlplus epay_user
SQL*Plus: Release 11.2.0.3.0 Production on Wed Jul 3 11:24:25 2013
Copyright (c) 1982, 2011, Oracle. All rights reserved.
Enter password:
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
3)从本地登陆(192.168.219.23)不受IP限制影响,连接成功
[oracle@lxdb1 ~]$ sqlplus epay_user
SQL*Plus: Release 11.2.0.3.0 Production on Wed Jul 3 11:24:25 2013
Copyright (c) 1982, 2011, Oracle. All rights reserved.
Enter password:
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
|
|
本站关键词:快速开发平台
发表于 2020-6-20 16:12:01
QQ好友和群
QQ空间
腾讯微博
腾讯朋友
收藏
楼主