Versions available for this page: CUBRID 8.4.0 |
To limit the client applications accessing the broker, set ON for the ACCESS_ CONTROL parameter in the cubrid_broker.conf file, and input a name of the file in which the users and the list of databases and IP addresses allowed to access the ACCESS_CONTROL_FILE parameter value are written. The default value of the ACCESS_CONTROL broker parameter is OFF.
The format of ACCESS_CONTROL_FILE is as follows:
To configure settings for several broker servers, it is possible to specify additional [%<broker_name>] and <db_name>:<db_user>:<ip_list_file>.
The format of the ip_list_file is as follows:
If a value for ACCESS_CONTROL is set to ON and a value for ACCESS_CONTROL_FILE is not specified, the broker will only allow the access requests from the localhost. If the analysis of ACCESS_CONTROL_FILE and ip_list_file fails while a broker is running, the broker will only allow the access requests from the localhost.
If the analysis of ACCESS_CONTROL_FILE and ip_list_file fails while a broker is running, the broker will not run.
The following is an example of ACCESS_CONTROL_FILE. The * symbol represents everything, and you can use it when you want to specify database names, database user IDs and IPs in the IP list file which are allowed to access the broker server.
The brokers specified above are QUERY_EDITOR, BROKER2, BROKER3 and BROKER4.
The QUERY_EDITOR broker only allows the following application access requests.
The following is an example of specifying the IPs allowed in ip_list_file.
The descriptions for the IPs specified in the example above are as follows:
For the broker which has already been running, you can modify the configuration file or check the currently applied status of configuration by using the following commands.
To configure databases, database user IDs and IPs allowed to access the broker and then apply the modified configuration to the server, use the following command.
cubrid broker acl reload [<BR_NAME>]
To display the databases, database user IDs and IPs that are allowed to access the broker in running on the screen, use the following command.
cubrid broker acl status [<BR_NAME>]
If you access the broker through an IP that is not allowed, the following logs will be created.
Note For more information on how to limit an access to the database server, see Database Server Access Limitation.