RE: Keeping a DB from Phoning Home...

  • From: "Mark W. Farnham" <mwf@xxxxxxxx>
  • To: <veeracb@xxxxxxxxx>, <gokulkumar.gopal@xxxxxxxxx>
  • Date: Fri, 13 Sep 2013 12:22:41 -0400

While those are indeed useful parameters, they function with regard to
clients reaching in; I'm pretty sure David wants to prevent any attempts of
the database server to reach out, so that if there are pending jobs or
schedules hilarity cannot ensue by it kicking something off or changing
something in duplicate with some production server that now is responsible,
or at all if the job or transaction is still possible but obsolete.

Have I got that right, David?

mwf

-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx]
On Behalf Of Veerabasaiah C
Sent: Thursday, September 12, 2013 10:57 PM
To: gokulkumar.gopal@xxxxxxxxx
Cc: dmann99@xxxxxxxxx; Martin Klier; Mark.Bobak@xxxxxxxxxxxx;
oracle-l@xxxxxxxxxxxxx
Subject: Re: Keeping a DB from Phoning Home...

Hi Dave,
You could try using the sqlnet.ora file in your db server with the
configuration parameter

tcp.invited_nodes

tcp.validnode_checking.

More details :
http://docs.oracle.com/cd/B10500_01/network.920/a96581/sqlnet.htm

Hope it helps.

Regards

Veera


On Fri, Sep 13, 2013 at 2:24 PM, <gokulkumar.gopal@xxxxxxxxx> wrote:

> Hi Dave,
> How about using an AFTER LOGON trigger ?
>
> -----Original Message-----
> From: David Mann <dmann99@xxxxxxxxx>
> Sender: oracle-l-bounce@xxxxxxxxxxxxx
> Date: Thu, 12 Sep 2013 12:51:25
> To: Martin Klier<usn@xxxxxxxxx>
> Reply-To: dmann99@xxxxxxxxx
> Cc: Mark.Bobak@xxxxxxxxxxxx<Mark.Bobak@xxxxxxxxxxxx>;
> oracle-l@xxxxxxxxxxxxx<oracle-l@xxxxxxxxxxxxx>
> Subject: Re: Keeping a DB from Phoning Home...
>
> Thanks for the suggestions, I will push the networking angle more when
> I meet with the sysadmin. The biggest risk is probably from DB links
> which can be mitigated, but to be 100% sure looks like isolating it in
> a subnet or with firewall is the most reliable route. (Pun intended!)
>
> On Thursday, September 12, 2013, Martin Klier wrote:
>
> > Hi David,
> >
> > I agree with Mark - but my first thought was: "Why not put it
> > behind a firewall, not allowing outgoing connections, and only allow 
> > the app server to connect in [to Port 1521 via TNS]?"
> >
> > Maybe easier to achieve than reconfiguring a legacy system to a new
> > subnet.
> >
> > HTH
> > Martin Klier
> >
> >
> > Mark Bobak wrote:
> > > If you're not sure how to do that, you may want to have a chat
> > > with your network engineering group.  It should be pretty trivial
> > > to set up.
> > >
> >
> > --
> > Usn's IT Blog for Oracle and Linux
> > http://www.usn-it.de
> >
> >
>
> --
> Dave Mann
> General Geekery | www.brainio.us
> Database Geekery | www.ba6.us | @ba6dotus | http://www.ba6.us/rss.xml
>
>
> --
> //www.freelists.org/webpage/oracle-l


--
Veerabasaiah C B
"Don't take life too seriously, you will never come out of it alive"

--
//www.freelists.org/webpage/oracle-l
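
The isolation discussed in this thread (no outbound connections from the database host, inbound only from the app server to port 1521), sketched as an added example that is not from any poster in the thread. It assumes a Linux host using iptables; the addresses, the SSH admin rule and the function names are illustrative assumptions.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for an isolated DB host.
# All addresses used with it are constructed (RFC 5737 documentation range).

is_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'
}

# emit_rules APP_IP ADMIN_IP [LISTENER_PORT]
# Default policy is DROP in every chain. The only OUTPUT rules permit
# loopback and replies on connections the app server or admin host opened,
# so a DB link, scheduler job or mail call cannot start a new outbound flow.
emit_rules() {
    app_ip=$1; admin_ip=$2; port=${3:-1521}
    is_ipv4 "$app_ip" && is_ipv4 "$admin_ip" || { echo "bad address" >&2; return 1; }
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -p tcp -s $app_ip --dport $port -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -d $app_ip --sport $port -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -p tcp -s $admin_ip --dport 22 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -p tcp -d $admin_ip --sport 22 -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A OUTPUT -j LOG --log-prefix "db-egress-drop: "
COMMIT
EOF
}

# Sanity check: count non-loopback OUTPUT rules that accept NEW connections.
# Anything other than 0 means the host can still reach out.
egress_new_rules() {
    emit_rules "$@" | grep -E '^-A OUTPUT' | grep -v -e '-o lo' | grep -c 'NEW' || true
}

# Dry-run validation as root, without loading the rules:
#   emit_rules 192.0.2.10 192.0.2.20 | iptables-restore --test
```

The LOG rule records each dropped outbound attempt, which shows which jobs or DB links are still trying to reach other servers.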