資訊專欄INFORMATION COLUMN
查看報(bào)錯(cuò)原因:
▼▼▼$ oerr ora 24247
24247, 00000, "network access denied by access control list (ACL)"
// *Cause: No access control list (ACL) has been assigned to the target
// host or the privilege necessary to access the target host has not
// been granted to the user in the access control list.
// *Action: Ensure that an access control list (ACL) has been assigned to
// the target host and the privilege necessary to access the target
// host has been granted to the user.
開發(fā)人員偶爾會(huì)使用這些強(qiáng)大的工具 — 例如,使用 utl_smtp 從數(shù)據(jù)庫內(nèi)發(fā)送郵件,使用 utl_http 提取可在 PL/SQL程序內(nèi)處理的 Web 頁面等等。然而,這些工具帶來了巨大的安全風(fēng)險(xiǎn)。使用utl_tcp,數(shù)據(jù)庫用戶可以到達(dá)該主機(jī)可到達(dá)的任何其他計(jì)算機(jī),甚至不會(huì)遇到系統(tǒng)提示。這曾是 Voyager蠕蟲的慣用伎倆,該病毒一年前剛騷擾過 Oracle 用戶社區(qū)。
為了消除這一風(fēng)險(xiǎn),很多專家建議撤消“從公網(wǎng)執(zhí)行”這些程序包的權(quán)限。但如果開發(fā)人員出于合理原因希望執(zhí)行這些程序包,該怎么辦?
處理步驟:
1. 確認(rèn)應(yīng)用使用的數(shù)據(jù)庫賬號(hào),需要訪問的web地址和端口
2. 創(chuàng)建ACL
▼▼▼SQL> execute DBMS_NETWORK_ACL_ADMIN.CREATE_ACL(ACL => utl_http.xml, DESCRIPTION => HTTP Access, PRINCIPAL => XXXXX, IS_GRANT => true, PRIVILEGE => connect, START_DATE => null, END_DATE => null);
PL/SQL procedure successfully completed.
3. 賦權(quán)resolve
▼▼▼SQL> execute DBMS_NETWORK_ACL_ADMIN.ADD_PRIVILEGE(ACL => utl_http.xml, PRINCIPAL => XXXXX, IS_GRANT => true, PRIVILEGE => resolve, START_DATE => null, END_DATE => null);
PL/SQL procedure successfully completed.
4. 關(guān)聯(lián)host和端口
▼▼▼SQL> execute DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL(ACL => utl_http.xml, HOST => 136.22.22.22, LOWER_PORT => 8080, UPPER_PORT => 8090);
PL/SQL procedure successfully completed.
5. 檢查設(shè)置
▼▼▼SQL> SELECT acl,
principal,
privilege,
is_grant,
TO_CHAR(start_date, DD-MON-YYYY) AS start_date,
TO_CHAR(end_date, DD-MON-YYYY) AS end_date
FROM dba_network_acl_privileges;
ACL PRINCIPAL PRIVILEGE IS_GRANT START_DATE END_DATE
------------------------- --------------- ----------------------- ---------- -------------- --------------
/sys/acls/utl_http.xml XXXXX resolve true
/sys/acls/utl_http.xml XXXXX connect true
SELECT host, lower_port, upper_port, acl FROM dba_network_acls;
HOST LOWER_PORT UPPER_PORT ACL
-------------------- ---------- ---------- ----------------------------------------
136.22.22.22 8080 8090 /sys/acls/utl_http.xml
6. 添加其他的web地址
▼▼▼execute DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL(ACL => utl_http.xml, HOST => 136.22.22.22, LOWER_PORT => 8080, UPPER_PORT => 8090);
execute DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL(ACL => utl_http.xml, HOST => 136.22.22.23, LOWER_PORT => 3001, UPPER_PORT => null);
execute DBMS_NETWORK_ACL_ADMIN.ASSIGN_ACL(ACL => utl_http.xml, HOST => 136.22.22.24, LOWER_PORT => 3005, UPPER_PORT => null);
SQL> SELECT host, lower_port, upper_port, acl FROM dba_network_acls;
HOST LOWER_PORT UPPER_PORT ACL
-------------------- ---------- ---------- ----------------------------------------
136.22.22.22 8080 8090 /sys/acls/utl_http.xml
136.22.22.23 8080 8090 /sys/acls/utl_http.xml
136.22.22.24 3001 3001 /sys/acls/utl_http.xml
136.22.22.25 3005 3005 /sys/acls/utl_http.xml
7. 應(yīng)用測試
聯(lián)系應(yīng)用人員檢查測試,3個(gè)地址訪問正常,24地址訪問失敗,是目標(biāo)端防火墻限制導(dǎo)致,聯(lián)系相關(guān)人員處理解決。
問題解決。
更多精彩干貨分享
點(diǎn)擊下方名片關(guān)注
IT那活兒
文章版權(quán)歸作者所有,未經(jīng)允許請勿轉(zhuǎn)載,若此文章存在違規(guī)行為,您可以聯(lián)系管理員刪除。
轉(zhuǎn)載請注明本文地址:http://m.specialneedsforspecialkids.com/yun/129850.html
摘要:問題九庫控制文件擴(kuò)展報(bào)錯(cuò)庫的擴(kuò)展報(bào)錯(cuò),用的是裸設(shè)備,和還是原來大小,主庫的沒有報(bào)錯(cuò),并且大小沒有變,求解釋。專家解答從報(bào)錯(cuò)可以看出,控制文件從個(gè)塊擴(kuò)展到個(gè)塊時(shí)報(bào)錯(cuò),而裸設(shè)備最大只支持個(gè)塊,無法擴(kuò)展,可以嘗試將參數(shù)改小,避免控制文件報(bào)錯(cuò)。 鏈接描述引言 近期我們在DBASK小程序新關(guān)聯(lián)了運(yùn)維之美、高端存儲(chǔ)知識(shí)、一森咖記、運(yùn)維咖啡吧等數(shù)據(jù)領(lǐng)域的公眾號(hào),歡迎大家閱讀分享。 問答集萃 接下來,...
閱讀 1353·2023-01-11 13:20
閱讀 1699·2023-01-11 13:20
閱讀 1211·2023-01-11 13:20
閱讀 1902·2023-01-11 13:20
閱讀 4161·2023-01-11 13:20
閱讀 2751·2023-01-11 13:20
閱讀 1397·2023-01-11 13:20
閱讀 3664·2023-01-11 13:20
