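Unlike MySQL, Oracle offers no convenient way to restrict a user by IP address directly on the account. To get user-level IP restrictions in Oracle, you can work around this with a trigger. An example follows for anyone who needs it.
Here is an example trigger: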
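-- Logon trigger: allow EPAY_USER to connect only from the listed client IP addresses
create or replace trigger logon_ip_control
after logon on database
declare
  v_ip   VARCHAR2(64);   -- client address; NULL for local (non-TCP) sessions
  v_user VARCHAR2(128);  -- named v_user so the built-in USER function is not shadowed
begin
  v_user := SYS_CONTEXT('USERENV','SESSION_USER');
  v_ip := SYS_CONTEXT('USERENV','IP_ADDRESS');
  if v_user = 'EPAY_USER'
  THEN
    IF v_ip not in ('192.168.219.20','192.168.219.22')  -- not TRUE when v_ip is NULL, so local sessions pass
    THEN raise_application_error(-20001,'User '||v_user||' is not allowed to connect from '||v_ip);
    END IF;
  END IF;
end;
/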
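This trigger restricts the IP addresses for user EPAY_USER (only '192.168.219.20' and '192.168.219.22' are allowed; to set an IP range, use % or ? as a substitute, e.g. '192.168.219.%').
A few test cases follow:
1) Logging in from a non-allowed IP address (192.168.219.21): the connection fails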
[oracle@lxdb2 ~]$ sqlplus epay_user@pri
SQL*Plus: Release 11.2.0.3.0 Production on Wed Jul 3 19:23:48 2013
Copyright (c) 1982, 2011, Oracle. All rights reserved.
Enter password:
ERROR:
ORA-00604: error occurred at recursive SQL level 1
ORA-20001: User EPAY_USER is not allowed to connect from 192.168.219.21
ORA-06512: at line 10
2) Logging in from an allowed IP address (192.168.219.22): the connection succeeds
[oracle@lxdb1 ~]$ sqlplus epay_user
SQL*Plus: Release 11.2.0.3.0 Production on Wed Jul 3 11:24:25 2013
Copyright (c) 1982, 2011, Oracle. All rights reserved.
Enter password:
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
3) Logging in locally (192.168.219.23) is not affected by the IP restriction: the connection succeeds
[oracle@lxdb1 ~]$ sqlplus epay_user
SQL*Plus: Release 11.2.0.3.0 Production on Wed Jul 3 11:24:25 2013
Copyright (c) 1982, 2011, Oracle. All rights reserved.
Enter password:
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
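The range note and test 3 above both depend on how the comparison behaves: IN compares whole strings, so a pattern such as '192.168.219.%' only takes effect with LIKE (whose wildcards are % and _), and IP_ADDRESS is NULL for local sessions. The variant below is an added example, not code from the original post; the table logon_ip_allow and the trigger logon_ip_control_v2 are hypothetical names, assumed to live in the schema that owns the trigger, and unlike the original it also rejects local sessions for restricted users.

```sql
-- Added example: table-driven allow-list with LIKE patterns and explicit NULL handling.
-- Object names are hypothetical; the 192.168.220.% row is a constructed sample range.
CREATE TABLE logon_ip_allow (
  username   VARCHAR2(128) NOT NULL,  -- session user, upper case
  ip_pattern VARCHAR2(64)  NOT NULL   -- LIKE pattern: % = any run of chars, _ = one char
);

INSERT INTO logon_ip_allow VALUES ('EPAY_USER', '192.168.219.20');
INSERT INTO logon_ip_allow VALUES ('EPAY_USER', '192.168.219.22');
-- Keep the dot before %: '192.168.220.%' is one /24, while '192.168.22%'
-- would also match 192.168.22.x and 192.168.221.x through 192.168.229.x.
INSERT INTO logon_ip_allow VALUES ('EPAY_USER', '192.168.220.%');
COMMIT;

CREATE OR REPLACE TRIGGER logon_ip_control_v2
AFTER LOGON ON DATABASE
DECLARE
  v_user    VARCHAR2(128) := SYS_CONTEXT('USERENV', 'SESSION_USER');
  v_ip      VARCHAR2(64)  := SYS_CONTEXT('USERENV', 'IP_ADDRESS');
  v_rules   PLS_INTEGER;  -- number of allow-list rows for this user
  v_matches PLS_INTEGER;  -- rows whose pattern matches the client address
BEGIN
  SELECT COUNT(*),
         COUNT(CASE WHEN v_ip LIKE ip_pattern THEN 1 END)
    INTO v_rules, v_matches
    FROM logon_ip_allow
   WHERE username = v_user;

  -- Users without any rule stay unrestricted. For restricted users a NULL
  -- v_ip (local, non-TCP session) matches no pattern, so it is rejected
  -- instead of slipping through as it does with "NOT IN".
  IF v_rules > 0 AND v_matches = 0 THEN
    raise_application_error(
      -20001,
      'User ' || v_user || ' is not allowed to connect from '
              || NVL(v_ip, 'a local (non-TCP) session'));
  END IF;
END;
/
```

Accounts that hold the ADMINISTER DATABASE TRIGGER privilege (for example through the DBA role) can still log on when an AFTER LOGON ON DATABASE trigger raises an error, so neither trigger constrains them.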