disabling IPC

Post by Chris Aiell » Tue, 12 Mar 2002 00:41:05



Hi all:

I have a question. I have this Oracle DB running on UNIX and I want to
block users from telnetting in and using IPC to talk to the database. They
should use the TCPIP listener. I want, however, for the DBA to be able to
use IPC in the event of an emergency. Any thoughts?

 
 
 

Post by Mladen Gogal » Tue, 12 Mar 2002 06:51:28



> Hi all:

> I have a question. I have this Oracle DB running on UNIX and I want to
> block users from telnetting in and using IPC to talk to the database. They
> should use the TCPIP listener. I want, however, for the DBA to be able to
> use IPC in the event of an emergency. Any thoughts?

Well, editing /etc/passwd and removing the user names of the users that
telnet into the box comes to mind.....

--
Mladen Gogala

 
 
 

Post by Sybrand Bakke » Tue, 12 Mar 2002 06:58:35


On Sun, 10 Mar 2002 15:41:05 GMT, "Chris Aiello"


>Hi all:

>I have a question. I have this Oracle DB running on UNIX and I want to
>block users from telnetting in and using IPC to talk to the database. They
>should use the TCPIP listener. I want, however, for the DBA to be able to
>use IPC in the event of an emergency. Any thoughts?

IMO this is not possible. You cannot place restrictions on the IPC
protocol, and I fail to see why you disallow IPC and force them to use
TCPIP. Doing so, they still can do anything they want.
Given the advantages of IPC over TCPIP, I would rather block them from
using the TCPIP protocol when connected locally.
Why don't you just disable the telnet protocol?

Regards

Sybrand Bakker, Senior Oracle DBA

To reply remove -verwijderdit from my e-mail address

 
 
 

Post by RSH » Tue, 12 Mar 2002 08:08:01


Thank you Sybrand, I was at a loss for an explanation for this either; if
they are telnetting in and using sqlplus, IPC is better.

Now if you want to FORCE them to use tcpip, just get rid of their UNIX
logins on the server and they will have to come in via SQL*NET / Net8 client
services...

It does help to explain just what you're trying to accomplish. Not meant as
an admonishment or criticism, but a mere fragment of a question doesn't help
without the "what I really want to do" that is behind the "how do I...?"
part.

RSH.


Post by koert5 » Wed, 13 Mar 2002 00:05:19


There used to be a sqlnet.ora parameter AUTOMATIC_IPC=ON/OFF.
AUTOMATIC_IPC=OFF would be appropriate for a client that has no local
database and thus should not even attempt to make a local connection.
By default this parameter was ON so all remote clients would try IPC first.
Setting the parameter on would have resulted in faster connect times but the
time you win here is minimal.
However - this was only for databases prior to 8i ... it's become obsolete.


Post by RSH » Wed, 13 Mar 2002 06:40:58


Of what use would disabling IPC Oracle connections be, on a server that does
not have an Oracle database running?

IPC connections are only possible on the native machine, in the O/S.

Not across to other instances on different servers.......

RSH.


Post by koert5 » Wed, 13 Mar 2002 07:26:18


> Of what use would disabling IPC Oracle connections be, on a server that does
> not have an Oracle database running?

eeeeeeeeeuh like I said the default behaviour for every client was to *try*
IPC *first* ... hence the parameter to *disable* this kind of behaviour.
Going straight to a network protocol for remote clients results in faster
connects...

> IPC connections are only possible on the native machine, in the O/S.

by definition - it's interprocess communication ...


Post by Steven Haus » Thu, 14 Mar 2002 02:25:14


You said you do not want to have people telnet to the host.

Try TCP wrappers, look it up on google.
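
What the TCP wrappers suggestion above amounts to, as an added example that is not part of the original thread: a small Python model of how hosts.allow and hosts.deny are evaluated, run over constructed rules that leave telnet open to one DBA workstation only. The daemon name `in.telnetd` and the 192.0.2.x addresses are assumptions, and only the ALL, exact-address, address-prefix and net/mask client patterns are modelled.

```python
import ipaddress

# Constructed sample rules in hosts_access(5) syntax. The daemon name
# (in.telnetd) and the 192.0.2.x addresses are assumptions for illustration.
HOSTS_ALLOW = """
# DBA workstation keeps telnet access for emergencies
in.telnetd: 192.0.2.10
"""
HOSTS_DENY = """
# everyone else is refused telnet
in.telnetd: ALL
"""

def parse(text):
    """Return [(daemons, clients)] from 'daemon_list : client_list' lines."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        daemons, clients = line.split(":", 2)[:2]
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules

def client_matches(pattern, ip):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):      # "192.0.2." matches an address prefix
        return ip.startswith(pattern)
    if "/" in pattern:             # net/mask, e.g. 192.0.2.0/255.255.255.0
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(ip) in net
    return pattern == ip

def matches(rules, daemon, ip):
    return any((daemon in d or "ALL" in d) and
               any(client_matches(p, ip) for p in c)
               for d, c in rules)

def access(daemon, ip, allow=HOSTS_ALLOW, deny=HOSTS_DENY):
    """hosts_access order: allow file first, then deny file, else grant."""
    if matches(parse(allow), daemon, ip):
        return "granted"
    if matches(parse(deny), daemon, ip):
        return "denied"
    return "granted"
```

A service that appears in neither file is granted by default, so every other wrapped login service needs its own deny rule; the Oracle TCP listener is not governed by these files and stays reachable for SQL*Net clients.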

 
 
 
