Open Source RDBMS - Seamless, Scalable, Stable and Free

한국어 | Login |Register

Versions available for this page: CUBRID 8.4.1 |  CUBRID 8.4.3 |  CUBRID 9.0.0 | 



Limiting Database Server Access

Description

To limit brokers and the CSQL Interpreter connecting to the database server, configure the parameter value of access_ip_control in the cubrid.conf file to yes and enter the path of a file in which the list of IP addresses allowed to access the access_ip_control_file parameter value is written. You should enter the absolute file path. If you enter the relative path, the system will search the file under the $CUBRID/conf directory on Linux and under the %CUBRID%conf directory on Windows.

The following example shows how to configure the cubrid.conf file.

# cubrid.conf

access_ip_control=yes

access_ip_control_file="/home1/cubrid1/CUBRID/db.access"

The following example shows the format of the access_ip_control_file file.

[@<db_name>]

<ip_addr>

  • <db_name> : The name of a database in which access is allowed
  • <ip_addr> : The IP address allowed to access a database. Using an asterisk (*) at the last digit means that all IP addresses are allowed. Several lines of <ip_addr> can be added in the next line of the name of a database.

To configure several databases, it is possible to specify additional [@<db_name>] and <ip_addr>.

Accessing any IP address except localhost is blocked by server if access_ip_control is configured to yes but ip_control_file is not configured. A server will not run if analyzing access_ip_control_file fails caused by incorrect format.

The following example shows access_ip_control_file.

[@dbname1]

10.10.10.10

10.156.*

 

[@dbname2]

*

 

[@dbname3]

192.168.1.15

The example above shows that dbname1 database allows the access of IP addresses starting with 10.156; dbname2 database allows the access of every IP address; dbname3 database allows the access of an IP address, 192.168.1.15, only.

For the database which has already been running, you can modify a configuration file or you can check the currently applied status by using the following commands.

Syntax

To change the contents of access_ip_control_file and apply it to server, use the following command.

cubrid server acl reload <database_name>

  • database_name : Database name

To display the IP configuration of a sever which is currently running, use the following command.

cubrid server acl status <database_name>

  • database_name : Database name
Database Server Log

The following log is created in the file of a server error log if an IP address that is not allowed to access is used.

Time: 10/29/10 17:32:42.360 - ERROR *** ERROR CODE = -1022, Tran = 0, CLIENT = (unknown):(unknown)(-1), EID = 2

Address(10.24.18.66) is not authorized.

Note For details on how to limit an access to the broker server, see Limiting Broker Server Access.