079 - 8.4 Installing and Configuring SQLNet


Oracle Security
By William Heney, Marlene Theriault
Table of Contents
Chapter 8.  Installing and Starting Oracle

8.4 Installing and Configuring SQL*Net

The advent of a product to enable the interaction with the database from a remote client has been a boon to the computing world. For the Oracle RDBMS, that product was SQL*Net (Net8 for Oracle8). SQL*Net enables the ability to connect to a database in Tokyo from a database in New York and share information between the two. While this ability has been a benefit to industry, it carries with it the potential for security breaches.

8.4.1 Required Files

Connections via SQL*Net are controlled by three files, the LISTENER.ORA file, the TNSNAMES.ORA file, and the SQLNET.ORA file. If you do not define the database in these files (called "configuring the Listener"), connecting to your database from a remote client is virtually impossible . In an environment where the Oracle Names Server is used, the third file, SQLNET.ORA , defines the location of the Names Server and the order in which a database connection is determined. The SQLNET.ORA file indicates either that the Names Server is to be checked first for a database's connection information or that the TNSNAMES.ORA file is to be checked first.

You must configure these files if you are not going to use a Names Server, after installing the SQL*Net product on your system and in order to run a listener process on your system (see the section "About the Names Server" later in this chapter) as follows :


This is a required file on the database server, and it contains the configuration for the listener. If several listeners are to be used on a node, they will all share the same LISTENER.ORA file. The file contains three parts : the area that defines the listening addresses, the SID of each database it listens for, and parameters that define the listener's behavior.


This is a required file on the database server and may or may not be required on the client, depending on whether a Names Server is being used. The file contains a list of the service names of all databases to which you want to connect and information about the connection for example, the protocol being used, the host location, the port, etc.


This file contains diagnostic parameters for the location of log and trace files for SQL*Net clients . If a Names Server is to be used, this file also contains information about the Names Server preferred server names and the Names Server directory path . This file will also designate whether the Names Server or the TNSNAMES.ORA file is to be checked first for connection information.

The listener not only listens for calls from other nodes, but also listens for Interprocess Calls (IPCs) from databases on the same node. Oracle Corporation provides fairly extensive information about configuring each of the files. The DBA is generally the person who configures the listener(s), Names Server(s), and all required support files for these utilities. Installation is easy

The installation of the base SQL*Net product is very straightforward on all platforms. You simply select the product from the installation menu and accept it. You must know what protocols you are using in your environment and select the appropriate one(s) from the list presented. If you are installing a SQL*Net server, you must also identify a client directory location and a client group name .

The SQL*Net configuration may not be quite as straightforward as the installation of the product. In a Windows NT environment, the listener can be automatically configured and started using the installer and default values. To learn more about installing and configuring SQL*Net, see the networking documentation shipped with your Oracle product set. About the Names Server

The first decision to make after installing the SQL*Net product set is whether you want to enable a Names Server to supply the connection information for your databases or whether you want to maintain the connection information yourself. Installing, maintaining, and interacting with the Names Server requires the use of a network manager utility. If you are planning to configure a Names Server to run with an Oracle7 database, you need to use the 16-bit Windows version of the Network Manager product. If you are going to use the Names Server with an Oracle8 database, you will use the Net8 Assistant to configure the Names Server. You can configure a Names Server with the Net8 Assistant for Oracle8 and serve connection information for an Oracle7 database from it. You can even save off the Names Server configuration from the Net8 Assistant to a version 7 database. However, because of the difference in composition of the rowids between Oracle8 and Oracle7, you cannot run an Oracle7 Names Server from an Oracle8 configuration. Oracle Corporation provides a detailed explanation and instructions on how to configure a Names Server with your Oracle product set.

Generally, once you have configured your listener and it is up and running, your clients must install a client version of SQL*Net and create a TNSNAMES.ORA file using a product called Easy Net Config in order to connect to your databases. If you have many databases on your system or if the database names are changing fairly frequently, it will be very difficult for your users to keep track of what their TNSNAMES.ORA file should look like. Each time you upgrade your system, your users will need to upgrade their SQL*Net client software. If the software is distributed from a central network location, there is a very good chance that the user 's current TNSNAMES.ORA file will be overwritten with an incorrect file.

The advantage of using a Names Server is that the only file that needs to be fielded to all of your client machines is a SQLNET.ORA file. All new databases are registered with the Names Server using the utility, and all required files are generated automatically through that utility. The disadvantage is that you must modify the configuration through the Network Manager utility to remain consistent; if you are storing your configuration in a database rather than a system file and your storage site database is not available, clients may not be able to obtain connection information and connect to their database. Another potential disadvantage may be the amount of time it takes for the connection lookup to occur. If several databases are used as Names Servers, each database must be updated to reflect each change in configuration, but you will have backup Names Servers available to serve database connection information if one of your Names Servers is unavailable. The listener and passwords

The second decision that must be made is whether or not each network listener will have an associated password. The default password for a listener is listener , but the password can be changed, as shown in this line of code from a sample LISTENER.ORA file:


If a password is to be used for each listener, you must ensure that the LISTENER.ORA file that stores the password(s) is protected from being read by anyone who is not a DBA charged with supporting the SQL*Net configuration.


Oracle Security
Oracle Security Handbook : Implement a Sound Security Plan in Your Oracle Environment
ISBN: 0072133252
EAN: 2147483647
Year: 1998
Pages: 154

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net