Part 5, Oracle Network and Security [Q] How to define a specific IP access database [A] You can use the login trigger, CMGW, or add a protocol.ora file under $ OREACLE_HOME / Network / Admin (Some OS may be. Protocol.ora), 9i can directly modify SQLNET.ORA: Added: tcp.validnode_checking = YES # iptcp.Inited_nodes = (IP1, IP2, ....) # iptcp.excluded_nodes = (IP1, " IP2, ...) [q] How to pass through the firewall connection database [A] This issue will only appear on the WIN platform, and UNIX platforms will be saved. Solution: In SQLNET.ORA server should look similar SQLNET.AUTHENTICATION_SERVICES = (NTS) NAMES.DIRECTORY_PATH = (TNSNAMES, ONAMES, HOSTNAME) TRACE_LEVEL_CLIENT = 16 HOME0 registry plus [HKEY_LOCAL_MACHINE] USE_SHARED_SOCKET = TRUE [Q] how to use the embodiment hostname Connecting the database host name only supports the following information in Listener.ora (SID_DESC = (global_dbname = UR_HOSTNAME) - Your Machine Name (Oracle_Home = E: / Oracle / ORA92) - Oracle Home (SID_NAME = ORCL) - Sid Name) Then in the client's SQLNET.ORA, make sure there is Names.Directory_Path = (HostName) You can use the name of the database server to access the database [Q] DBMS_REPCAT_ADMIN can bring any security hazard [ A] If a user can execute the DBMS_REPCAT_ADMIN package, great system permissions will be obtained.
The following may get the execution permission of the package: 1. Grant Execute on dbms_repcat_admin to public [| User_name] 2 under SYS, the user has an Execute Any Procedure privilege (below 9i, 9i must display the authorization) If the user performs the following statement : Exec sys.dbms_repcat_admin.dbms_repcat_admin.grant_admin_Admin.grant_admin_Andmin.d ('user_name'); the user will get great system privileges can get more information from user_sys_privs [Q] How to jump to another user when do not know the user password The user does not affect the user? [A] We can safely use the user safely through the following methods, then jump back, more useful to use ALTER USER privileges or DBA permissions: SQL> SELECT Password from dba_users where username = 'Scott'; Password ----------------------------- F894844C34402B67SQL> ALTER USER Scott Identified by lion; user altered.sql> Connect scott / lionConnected.REM Do whatever you like ... SQL> connect system / managerConnected.SQL> alter user scott identified by values 'F894844C34402B67';. User altered.SQL> connect scott / tigerConnected [Q] how to reinforce your database [ A] To pay attention to the following: Modify the password of SYS, System. 2. LOCK, modification, delete default users: dbsnmp, ctxsys, etc. 3. Change Remote_OS_AUTHENT to FALSE to prevent remote machines from logging in directly. 4. Change O7_DICTIONARY_ACCESSIBILITY to False. 5. Cancel some permissions from Public Role. 6. Check the security of the database's data files. Do not set to 666. Check other DBA users. 7. Close some unwanted services (such as FTP, NFS, etc.) 8. Limit the number of users above the database host. 9. Regularly check the security alert above the MetaLink / OTN. For example,: http: //otn.racle.com/deploy/security/alerts.htm10. Put your database with the application in a separate subnet, or other user passwords are easily went by Sniffer. Or use Advance Security to log in to the user. 11. Restrictions only some IP can access your database. 12. lsnrctl To add a password, other people can easily turn off your Listener from the outside.
13. If possible, do not use the default 1521 port [Q] How to check if the user uses the default password [A] If you use the default password, it is likely to cause a certain security risks to your database, then you can use the following query to get those users use the default password select username "user (s) with default password!" from dba_users where password in ( 'E066D214D5421CCC', - dbsnmp '24ABAB8B06281B4C', - ctxsys '72979A94BAD2AF80', - mdsys 'C252E8FA117AF049', - odm 'A7A32CD03D3CE8D5', - odm_mtr '88A2B2C183431F00', - ordplugins' 7EFA02EC7EA6B86F ', - ordsys' 4A3BA55E08595C81', - outln 'F894844C34402B67', - scott '3F9FBD883D787341', - wk_proxy '79DF7A1BD138CF11', - wk_sys' 7C9BA362F8314299 ', - wmsys' 88D8364765FCE6AF ', - xdb' F9DA8977092B7B81 ', - tracesvr' 9300C0977D7DC75E ', - oas_public' A97282CE3D94E29E ', - websys' AC9700FD3F1410EB ', - lbacsys' E7B5D92911C831E1 ', - rman' AC98877DE1297365 ', - perfstat' 66F4EF5650C20355 ', - exfsys' 84B8CBCA4D477FA3', - si_informtn_schema 'D4C5016086B2DC6A', - sys' D4DF7931AB130E37 ') - system / [Q] how to change the default listening port XDB [a] Oracle9i default XML DB sets the HTTP's default port to 8080. This is a very common port. Many other webserver use this port. If we installed it, it is best to modify it, avoid conflicts, if not used, Great Do not install three modifications 1.DBCA, choose your database, then Standard Database Features-> Customize-> Oracle XML DB Option, you should know how to change it.
