Is it possible to use TCP.INVITED_NODES for a specific listener?
Posted on 2005-02-24
I'm tired of trying to decipher the docs and I'm getting lazy so I'm using some points:
Explanation attempt #1 (there will be another to follow. I always hate trying to explain what I mean.......):
I have a DB server that was once limited to intranet applications. We now have a need to expose access to an Internet web site. I would like to obscure as many of the specifics as I can. So what I was thinking is that I could bind a different IP address to the DB server, create another listener on a different port using this new IP address and potentially use INVITED_NODES for just that listener from that specific web server.
Explanation attempt #2:
Have server DBSVR1 whose data is accessed from several machines well protected in an intranet. We now wish to expose WEBSVR1 to the internet and have an application access data on DBSVR1. Without affecting any current applications/users I would like to protect a majority of the DB connection stuff in the event WEBSVR1 is hacked. The thought was that all current apps use the existing listener which connects to the existing IP etc... and to create a bogus IP and a new listener specifically for this IP and use this info for the tnsnames on WEBSVR1.
From the reading I've done, it appears that using INVITED_NODES is set for the entire instance in the sqlnet.ora file and I can't set it up for a specific listener (listener1 everyone welcome. listener2 only a specific node is welcome).
I already know about creating a replicated/standby/etc... DB but would prefer to do it with the existing DB and set up a restricted user specifically for this app.
That said: Has anyone come up with a solution to a similar problem?
Version 10.1.0.3 Client and Server
And I'll be leaving for the evening very soon and won't be able to respond until tomorrow. Hopefully my inbox will be full of valid solutions w/o the need for further explanation (I can hope, can't I....)