17 Replies. Latest reply: May 5, 2013 4:47 AM by BillyVerreynne

Secure Port for SqlDeveloper

yxes2013 Newbie
Hi All,

I want to secure a port for my Sqldeveloper which is on my laptop with IP 100.2.10.200 to connect to a secured PROD server SLES 11.

My laptop will be the only one allowed to connect to the PROD using OEM and SqlDev. How do I configure it?

What port does Sqldev use? Is it the same listener port 1521? The same as the OEM 1158?


Thanks....
  • 1. Re: Secure Port for SqlDeveloper
    Justin Cave Oracle ACE
    I'm not quite sure what you are asking. It sounds like you are trying to configure a firewall. Normally, that is a separate server on your network. If this is a toy environment, you might be running some firewall software on the database server itself but that is not a particularly scalable approach. If that's the case, first of all, that's not an Oracle question. You'd need to find a forum that specializes in whatever firewall you're using. You'll need to explain your precise network topology in that forum for someone to be helpful.

    You might, of course, want to look at the documentation for whatever firewall you're using.

    Justin
  • 2. Re: Secure Port for SqlDeveloper
    yxes2013 Newbie
    Good Answer! I rate you 99%, and 1% for room for improvement ;)
  • 3. Re: Secure Port for SqlDeveloper
    BillyVerreynne Oracle ACE
    yxes2013 wrote:

    I want to secure a port for my Sqldeveloper which is on my laptop with IP 100.2.10.200 to connect to a secured PROD server SLES 11.
    Nonsensical question. SQL-Developer does not listen on a network port. The port it uses will be a client port in the dynamic port range - created when SQL-Developer connects to the Listener port on the Oracle server.

    Also, opened ports are by their very nature not secure. There is thus no such thing as an open and secure port. Open a port as a listening endpoint on a public NIC, and that port, with that service, is exposed to attack.

    The only way to "secure" a port is to remove that from the public network interface altogether and run it on localhost (making it a local port only, and inaccessible to everyone else). And this has very limited use. An external client can only use that port via an ssh local tunnel. Which in turn requires you to make port 22/tcp public.
  • 4. Re: Secure Port for SqlDeveloper
    John Stegeman Oracle ACE
    The TNS Listener can be configured to only accept connections from specific IP addresses. How to do that is in the documentation.
  • 5. Re: Secure Port for SqlDeveloper
    BillyVerreynne Oracle ACE
    An option/feature I dislike... In my view IP based security of that nature belongs further down in iptables, and not as some dorky Listener setting. Never really understood why Oracle had that as a Listener feature.
  • 6. Re: Secure Port for SqlDeveloper
    EdStevens Guru
    Billy Verreynne wrote:
    An option/feature I dislike... In my view IP based security of that nature belongs further down in iptables, and not as some dorky Listener setting. Never really understood why Oracle had that as a Listener feature.
    Agreed. At my last job a directive came down from higher in the organization mandating we use it. It was such a PITA that the field offices (one of which was where I worked) ended up just ignoring it.
    Bad enough to expect IP filtering at the listener, worse was that it doesn't allow wild cards, thus instead of specifying a subnet, you have to specify each individual ip address ..... in an environment where many of the applications are running on DHCP desktops ...
  • 7. Re: Secure Port for SqlDeveloper
    yxes2013 Newbie
    I thank you all,

    But I don't get the message.

    My point is, can I use sqldeveloper & OEM to monitor a highly secure database, where every connection is being filtered in a complex firewall?
  • 8. Re: Secure Port for SqlDeveloper
    sb92075 Guru
    yxes2013 wrote:
    My point is, can I use sqldeveloper & OEM to monitor a highly secure database, where every connection is being filtered in a complex firewall?
    We give up.
    Can you, Mr. Brilliant?
  • 9. Re: Secure Port for SqlDeveloper
    sybrand_b Guru
    Connection Manager - which is not installed in a typical install - allows subnets.
    Objection waived....

    ----------
    Sybrand Bakker
    Senior Oracle DBA
  • 10. Re: Secure Port for SqlDeveloper
    BillyVerreynne Oracle ACE
    yxes2013 wrote:

    My point is, can I use sqldeveloper & OEM to monitor a highly secure database, where every connection is being filtered in a complex firewall?
    SQL-Developer is a client. The database is a server. Firewall in-between.

    So how does it differ from any other scenario where client needs access to server via firewall? The client simply needs to be allowed, by the firewall, access to a specific port on that server IP.

    This does not change because SQL-Developer is being used.
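
An added example, not part of any post in this thread: a shell script for the firewall allowance described in replies 5 and 10, printing iptables commands that admit only the laptop 100.2.10.200 to the listener port 1521 and the OEM port 1158 named in the question. The function names are hypothetical, and it assumes the INPUT chain holds no earlier rule that already accepts these ports.

```shell
#!/bin/sh
# Added example (not from the thread): print iptables commands for review
# instead of applying them, so nothing here changes a live firewall.

# valid_ipv4 ADDR: succeeds only for a dotted-quad IPv4 address.
# Body runs in a subshell so the IFS change stays local.
valid_ipv4() (
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) exit 1 ;;
    esac
    IFS=.
    set -- $1                       # split the address on dots
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
    exit 0
)

# valid_port PORT: succeeds only for an integer in 1..65535.
valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# oracle_allow_rules CLIENT_IP [PORT...]
# Prints, per port, an ACCEPT for the one client followed by a DROP for
# everyone else. Defaults to the ports from the question (1521, 1158).
# Rules are appended (-A): an earlier ACCEPT in INPUT would override them.
oracle_allow_rules() {
    client=$1
    [ "$#" -gt 0 ] && shift
    valid_ipv4 "$client" || { echo "invalid client address: $client" >&2; return 1; }
    [ "$#" -gt 0 ] || set -- 1521 1158
    for port in "$@"; do            # validate everything before printing
        valid_port "$port" || { echo "invalid port: $port" >&2; return 1; }
    done
    for port in "$@"; do
        echo "iptables -A INPUT -p tcp -s $client --dport $port -j ACCEPT"
        echo "iptables -A INPUT -p tcp --dport $port -j DROP"
    done
}

# Constructed usage with the address and ports given in the question.
oracle_allow_rules 100.2.10.200 1521 1158
```

The printed commands are for the database server's own INPUT chain; on a separate firewall host the same match would go in its forwarding rules instead.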
  • 11. Re: Secure Port for SqlDeveloper
    BillyVerreynne Oracle ACE
    sybrand_b wrote:
    Connection Manager - which is not installed in a typical install - allows subnets.
    Objection waived....
    But still no substitute for a proper firewall layer like iptables.

    iptables is a pretty awesome piece of software - and does the job exceedingly well.
  • 12. Re: Secure Port for SqlDeveloper
    sybrand_b Guru
    Disagree.

    Iptables is a pretty awful piece of software. Hard to understand, hard to manage, badly documented.
    It might do the job ok.
    But its management is non-intuitive and a piece of black art.

    ----------
    Sybrand Bakker
    Senior Oracle DBA
  • 13. Re: Secure Port for SqlDeveloper
    yxes2013 Newbie
    I thank you all :)
  • 14. Re: Secure Port for SqlDeveloper
    EdStevens Guru
    sybrand_b wrote:
    Connection Manager - which is not installed in a typical install - allows subnets.
    Objection waived....

    ----------
    Sybrand Bakker
    Senior Oracle DBA
    True enough, but in the case I cited, the directive was specifically to use tcp.invited_nodes. An example of ham-fisted, clueless policy.