可以利用登录触发器、cmgw或者是在$OREACLE_HOME/network/admin下新增一个protocol.ora文件(有些os可能是. protocol.ora),9i可以直接修改sqlnet.ora:
增加如下内容:
tcp.validnode_checking=yes
#允许访问的ip
tcp.inited_nodes=(ip1,ip2,……)
#不允许访问的ip
tcp.excluded_nodes=(ip1,ip2,……)
利用触发器限定IP:
create table logcontrol
(IPDET VARCHAR2(15)
)
/
create table limitip
(
IPDET VARCHAR2(15),
NOTE VARCHAR2(50)
)
/
create table yclogin
(
IPDET VARCHAR2(15),
attempdate date default sysdate
)
/
insert into logcontrol values('130.76.1.135');
insert into limitip values('130.76.1.135','接口数据库');
/
CREATE OR REPLACE TRIGGER log_control
AFTER logon ON DATABASE
declare
oname number(2);
pragma autonomous_transaction;
begin
if SYS_CONTEXT('USERENV','IP_ADDRESS') is not null
then
select count(*) into oname from logcontrol
where trim(IPDET)=SYS_CONTEXT('USERENV','IP_ADDRESS');
if oname<1 then
insert into yclogin values(SYS_CONTEXT('USERENV','IP_ADDRESS'));
commit;
Raise_application_error(-20999, 'ip访问限定,有需要请及时向系统管理员书面申请!!!');
EXECUTE IMMEDIATE 'DISCONNECT';
end if;
end if;
end;