To limit brokers and the CSQL Interpreter connecting to the database server, configure the parameter value of access_ip_control in the cubrid.conf file to yes and enter the path of a file in which the list of IP addresses allowed to access the access_ip_control_file parameter value is written. You should enter the absolute file path. If you enter the relative path, the system will search the file under the $CUBRID/conf directory on Linux and under the %CUBRID%\conf directory on Windows.
The following example shows how to configure the cubrid.conf file.
# cubrid.conf
access_ip_control=yes
access_ip_control_file="/home1/cubrid1/CUBRID/db.access"
The following example shows the format of the access_ip_control_file file.
[@<db_name>]
<ip_addr>
…
To configure several databases, it is possible to specify additional [@<db_name>] and <ip_addr>.
Accessing any IP address except localhost is blocked by server if access_ip_control is configured to yes but ip_control_file is not configured. A server will not run if analyzing access_ip_control_file fails caused by incorrect format.
The following example shows access_ip_control_file.
[@dbname1]
10.10.10.10
10.156.*
[@dbname2]
*
[@dbname3]
192.168.1.15
The example above shows that dbname1 database allows the access of IP addresses starting with 10.156; dbname2 database allows the access of every IP address; dbname3 database allows the access of an IP address, 192.168.1.15, only.
For the database which has already been running, you can modify a configuration file or you can check the currently applied status by using the following commands.
To change the contents of access_ip_control_file and apply it to server, use the following command.
cubrid server acl reload <database_name>
To display the IP configuration of a sever which is currently running, use the following command.
cubrid server acl status <database_name>
The following log is created in the file of a server error log if an IP address that is not allowed to access is used.
Time: 10/29/10 17:32:42.360 - ERROR *** ERROR CODE = -1022, Tran = 0, CLIENT = (unknown):(unknown)(-1), EID = 2
Address(10.24.18.66) is not authorized.
Note For details on how to limit an access to the broker server, see Limiting Broker Server Access.