[Virtuoso-users] Restrict dba login to localhost

[Davis, Daniel (NIH/NLM) [C]]

Is there any way to restrict DBA login to requests originating from localhost?  
  We have an application that would like to use the JDBC interface, and we've 
exposed port  on the network, but we are a little paranoid about security 
and want to restrict DBA login to the localhost.

In our environment, we haven't turned off conductor and the web server.

Dan Davis, Systems/Applications Architect (Contractor),
Office of Computer and Communications Systems,
National Library of Medicine, NIH

--
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140___
Virtuoso-users mailing list
Virtuoso-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/virtuoso-users

Re: [Virtuoso-users] Restrict dba login to localhost

[Hugh Williams]

Hi Daniel,

You could write a custom DBEV_LOGIN() function for your Virtuoso instance then 
checks for “dba” login requests and only allow them if the hostname/IP  is 
localhost/127.0.0.1. Details on how to write a custom DBEV_LOGIN() function can 
be found at:

http://docs.openlinksw.com/virtuoso/fn_logins.html#ex_dbev_login
http://docs.openlinksw.com/virtuoso/databaseadmsrv.html#vumloginexthook

The "client_attr ('client_ip’)” call can be used to obtain the IP address of an 
incoming client connection as documented at:

http://docs.openlinksw.com/virtuoso/fn_client_attr.html

Best Regards
Hugh Williams
Professional Services
OpenLink Software, Inc.  //  http://www.openlinksw.com/
Weblog   -- http://www.openlinksw.com/blogs/
LinkedIn -- http://www.linkedin.com/company/openlink-software/
Twitter  -- http://twitter.com/OpenLink
Google+  -- http://plus.google.com/100570109519069333827/
Facebook -- http://www.facebook.com/OpenLinkSoftware
Universal Data Access, Integration, and Management Technology Providers



> On 11 Feb 2016, at 20:01, Davis, Daniel (NIH/NLM) [C]  
> wrote:
> 
> Is there any way to restrict DBA login to requests originating from 
> localhost?We have an application that would like to use the JDBC 
> interface, and we’ve exposed port  on the network, but we are a little 
> paranoid about security and want to restrict DBA login to the localhost.
>  
> In our environment, we haven’t turned off conductor and the web server.
>  
> Dan Davis, Systems/Applications Architect (Contractor),
> Office of Computer and Communications Systems,
> National Library of Medicine, NIH
>  
> --
> Site24x7 APM Insight: Get Deep Visibility into Application Performance
> APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
> Monitor end-to-end web transactions and take corrective actions now
> Troubleshoot faster and improve end-user experience. Signup Now!
> http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140___
> Virtuoso-users mailing list
> Virtuoso-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/virtuoso-users



smime.p7s
Description: S/MIME cryptographic signature
--
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=272487151&iu=/4140___
Virtuoso-users mailing list
Virtuoso-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/virtuoso-users