Open Source RDBMS - Seamless, Scalable, Stable and Free

한국어 | Login |Register

Versions available for this page: CUBRID 8.4.0 | 

Database Server Access Limitation

Description

To limit the brokers and the CSQL interpreters connecting to the database server, set yes for the access_ip_control parameter in the cubrid.conf file, and input a path of the file in which the list of IP addresses allowed to access theaccess_ip_control_file parameter value is written. You should enter the file path as the absolute path. If you enter the relative path, the system will search the file under the $CUBRID/conf directory in Linux and under the %CUBRID%\conf directory in Windows.

Configure the cubrid.conf file as follows:

# cubrid.conf

access_ip_control=yes

access_ip_control_file="/home1/cubrid1/CUBRID/db.access"

The format of the access_ip_control_file file is as follows:

[@<db_name>]

<ip_addr>

  • <db_name> : A database name that allows an access
  • <ip_addr> : An IP address allowed to access the database. If the last digit of the address is specified as *, the IP addresses are allowed to access the broker server. You can add multiple lines of <ip_addr> to the next line of one database name.

To configure settings for several database servers, it is possible to specify additional [@<db_name>] and <ip_addr>.

If a value for access_ip_control is set to yes and a value for access_ip_control_file is not specified, the server will block an access from all IPs and only allow the access from the localhost. If the analysis of access_ip_control_file fails due to an incorrect format while the server is running, the server will not run.

The following is an example of access_ip_control_file.

[@dbname1]

10.10.10.10

10.156.*

 

[@dbname2]

*

 

[@dbname3]

192.168.1.15

For the above example, the dbname1 database allows the access from the IP of 10.10.10.10 or IPs s starting with 10.156. The dbname2 database allows the access from all IPs. The dbname3 database allows the access from the IP of 192.168.1.15.

For the database which has already been running, you can modify the configuration file or check the currently applied status of configuration by using the following commands.

Syntax

To change the contents of access_ip_control_file and apply it to the server, use the following command.

cubrid server acl reload <database_name>

  • database_name : A database name

To display the IP configuration for the server which is running, use the following command.

cubrid server acl status <database_name>

  • database_name : A database name
Database Server Log

If you access the database server through an IP that is not allowed, the following server error logs will be created in a server error log file.

Time: 10/29/10 17:32:42.360 - ERROR *** ERROR CODE = -1022, Tran = 0, CLIENT = (unknown):(unknown)(-1), EID = 2

Address(10.24.18.66) is not authorized.

Note For more information on how to limit an access to the broker server, see Broker Server Access Limitation.