Visit Our UNIX and Linux User Community


Restrict remote DB connection from PERL


 
Thread Tools Search this Thread
Top Forums Shell Programming and Scripting Restrict remote DB connection from PERL
# 1  
Old 08-27-2015
Restrict remote DB connection from PERL

I have PERL code to connect to Oracle database using DBI.

e.g.

$PERL -e "use DBI; DBI->connect(qw(DBI:Oracle:db111 testu testpass));"



by using DBI , if remote DB added to tnsnames.ora , I can connect using DBI . is there a way to restrict not to connect to remote DB using DBI ?


Thanks
# 2  
Old 08-27-2015
This does not make much sense to me.

If a user has access to a database through code, and the user can develop & run his own code against the database then your security is the problem. PROD databases are not supposed to allow that. Block the user either at the source or at the oracle login.


Try:
1. move the user to another box that cannot access PROD or whatever
2. change tnsnames.ora - stop everyone
3. create two client oracle directory trees. The only difference is the tnsnames.ora in one tree does not allow the DB box/or users you want to block. Set up the problem user in a group, such that he uses the limited directory and cannot see the other. In other words effectively change ORACLE_HOME for him/her.

DBI used to require an ODBC license from oracle. Put the problem user in a group that cannot activate the license file. You can also remove/delete/uninstall the DBI code from the perl install. You can also put the DBI pm files in a directory some users cannot read. So they cannot excute perl DBI.

You know, if you told us what the actaul problem was instead of asking how to implement a really unusual off-the-wall kind of fix, we could help.

I'm sure you know that trying to block DBI acess to oracle from another server pretty much means nobody on the non-db server will be able to use it. You can disable DBI locally, on the remote server, not remotely on the DB server.

Previous Thread | Next Thread
Test Your Knowledge in Computers #369
Difficulty: Medium
The name bytecode originates from instruction sets that have zero-byte opcodes followed by optional parameters.
True or False?

10 More Discussions You Might Find Interesting

1. Web Development

Restrict user for certain number of connection

Hello, I need help in Apache to restrict user for number of concurrent connection. its basically related to nagios monitoring site. End user opening N no of tab to monitor and it increase load on server. any setting will help me here. (3 Replies)
Discussion started by: ghpradeep
3 Replies

2. Programming

Perl: restrict perl from automaticaly creating a hash branches on check

My issue is that the perl script (as I have done it so far) created empty branches when I try to check some branches on existence. I am using multydimentional hashes: found it as the best way for information that I need to handle. Saing multidimentional I means hash of hashes ... So, I have ... (2 Replies)
Discussion started by: alex_5161
2 Replies

3. Shell Programming and Scripting

Remote connection

How can we connect to remote computers with a bash script.? (1 Reply)
Discussion started by: diw10
1 Replies

4. UNIX for Dummies Questions & Answers

ssh_exchange_identification: Connection closed by remote host Connection closed

Hi Everyone, Good day. Scenario: 2 unix servers -- A (SunOS) and B (AIX) I have an ftp script to sftp 30 files from A to B which happen almost instantaneously i.e 30 sftp's happen at the same time. Some of these sftp's fail with the following error: ssh_exchange_identification: Connection... (1 Reply)
Discussion started by: jeevan_fimare
1 Replies

5. Linux

GUI remote connection

Hello, I need a tool for remote GUI connection to Linux machine ,something like remote Desktop in windows?????any help Thanks in advance (4 Replies)
Discussion started by: mm00123
4 Replies

6. SCO

Remote connection trought Telnet

Well... finally I took and old SCO Server and it works fine to keep working my ERP, but now I have a "LITTLE" trouble... with the other server we've made a connection trought TinyTerm with a DYNDNS Domain, in my firewall I noticed that there's a RULE establishing that the IP 192.168.0.1 (Server IP... (4 Replies)
Discussion started by: LIA_RAG
4 Replies

7. Shell Programming and Scripting

Remote SSH Connection Using Script

Hi, I am new to Shell Scripting. Can anybody help me in writing a Script Which Could Login from a Unix box to a Remote Unix box which accepts the user credentials automatically and display the result for checking the Disk Space Utilisation (Without running any SSH agent). (1 Reply)
Discussion started by: ajith_tg
1 Replies

8. Shell Programming and Scripting

Remote Connection (SSH)

Hello all, I connect usually to one enviornment "dev" daily and then ftp some files to some other enviorment "uat" and then login to "uat" and run some scripts to process these files. I was thinking to automate the process, where running one script from "dev" will complete all task required... (11 Replies)
Discussion started by: RishiPahuja
11 Replies

9. UNIX for Advanced & Expert Users

remote connection

Hi: Can i access my Linux Box from a remote machine, Login and Run a program(eg: netscape) in a particular display number. Assuming i do not have XServer running in my machine Appreciate the help Thanks, Preetham. (5 Replies)
Discussion started by: preetham
5 Replies

10. UNIX for Dummies Questions & Answers

I need remote connection help

I am very new to all of this. I tcsh into a Unix box at work. I receive "hints" from a guy here at work that is helping me without doing everything for me. I need to use rx display to x connect to a remote host. I then need to tell the machine (unsure if he meant mine or the box I connected... (2 Replies)
Discussion started by: noobie_doo
2 Replies

Featured Tech Videos