萬盛學電腦網


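[Oracle] How to use a trigger to restrict user logins by IP address

Unlike MySQL, Oracle does not let you attach an IP restriction directly to a user account. To get user-level IP restriction in Oracle, you can work around this with a logon trigger. An example follows for anyone who needs it.

Below is an example trigger: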

create or replace trigger logon_ip_control
after logon on database
declare
  ip   STRING(30);
  user STRING(30);
begin
  SELECT SYS_CONTEXT('USERENV','SESSION_USER') into user from dual;  -- account that is logging on
  SELECT SYS_CONTEXT('USERENV','IP_ADDRESS') into ip from dual;      -- client address; NULL for local logons
  if user='EPAY_USER'
  THEN
    IF ip not in ('192.168.219.20','192.168.219.22')
    THEN raise_application_error(-20001,'User '||user||' is not allowed to connect from '||ip);
    END IF;
  END IF;
end;
/


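This trigger applies an IP restriction to the user EPAY_USER: only '192.168.219.20' and '192.168.219.22' are allowed. To allow an IP range, substitute % or ? for part of the address, for example '192.168.219.%'. Note that IN compares each value literally, so a pattern only takes effect if the condition is written with LIKE; the wildcards Oracle's LIKE recognises are % (any run of characters) and _ (exactly one character).
Below are a few test cases:
1) Log in from a non-allowed IP address (192.168.219.21): the connection fails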

[oracle@lxdb2 ~]$ sqlplus epay_user@pri
SQL*Plus: Release 11.2.0.3.0 Production on Wed Jul 3 19:23:48 2013
Copyright (c) 1982, 2011, Oracle.  All rights reserved.
Enter password:
ERROR:
ORA-00604: error occurred at recursive SQL level 1
ORA-20001: User EPAY_USER is not allowed to connect from 192.168.219.21
ORA-06512: at line 10


2) Log in from an allowed IP address (192.168.219.22): the connection succeeds

[oracle@lxdb1 ~]$ sqlplus epay_user
SQL*Plus: Release 11.2.0.3.0 Production on Wed Jul 3 11:24:25 2013
Copyright (c) 1982, 2011, Oracle.  All rights reserved.
Enter password:
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options


3) Log in locally (192.168.219.23): the IP restriction does not apply, and the connection succeeds

[oracle@lxdb1 ~]$ sqlplus epay_user
SQL*Plus: Release 11.2.0.3.0 Production on Wed Jul 3 11:24:25 2013
Copyright (c) 1982, 2011, Oracle.  All rights reserved.
Enter password:
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.3.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
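
The IP-range note and the local-login test above, combined into one added example (not code from the original article): a table-driven variant of the trigger that matches each user's allowed addresses with LIKE, so % patterns work. The table logon_ip_allowlist, its columns and the 192.168.220.% subnet are assumptions made up for illustration, and both objects are assumed to be created in one schema by an account that may create database-level triggers.

```sql
-- Added example. Table name, column names and the 192.168.220.% subnet
-- are constructed for illustration; they do not come from the article.
CREATE TABLE logon_ip_allowlist (
  username   VARCHAR2(128) NOT NULL,
  ip_pattern VARCHAR2(64)  NOT NULL,  -- exact address or LIKE pattern
  CONSTRAINT logon_ip_allowlist_pk PRIMARY KEY (username, ip_pattern)
);

INSERT INTO logon_ip_allowlist VALUES ('EPAY_USER', '192.168.219.20');
INSERT INTO logon_ip_allowlist VALUES ('EPAY_USER', '192.168.219.22');
-- Patterns should end on an octet boundary: '192.168.220.2%' would also
-- match 192.168.220.200, which is rarely what is intended.
INSERT INTO logon_ip_allowlist VALUES ('EPAY_USER', '192.168.220.%');
COMMIT;

-- Replaces the article's trigger of the same name.
CREATE OR REPLACE TRIGGER logon_ip_control
AFTER LOGON ON DATABASE
DECLARE
  v_user    VARCHAR2(128) := SYS_CONTEXT('USERENV', 'SESSION_USER');
  v_ip      VARCHAR2(64)  := SYS_CONTEXT('USERENV', 'IP_ADDRESS');
  v_rules   PLS_INTEGER;  -- allowlist rows that exist for this user
  v_matches PLS_INTEGER;  -- rows whose pattern matches the client address
BEGIN
  SELECT COUNT(*),
         COUNT(CASE WHEN v_ip LIKE ip_pattern THEN 1 END)
    INTO v_rules, v_matches
    FROM logon_ip_allowlist
   WHERE username = v_user;

  -- v_rules = 0  : user has no rules and is not restricted, as in the
  --                article, where only EPAY_USER is checked.
  -- v_ip IS NULL : local (non-network) logon; the article's NOT IN test
  --                lets these through implicitly, here it is explicit.
  IF v_rules > 0 AND v_ip IS NOT NULL AND v_matches = 0 THEN
    RAISE_APPLICATION_ERROR(
      -20001,
      'User ' || v_user || ' is not allowed to connect from ' || v_ip);
  END IF;
END;
/
```

Accounts that hold the ADMINISTER DATABASE TRIGGER privilege can still log on when a logon trigger raises an error, so neither this variant nor the original constrains DBA accounts.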
