当前位置:网站首页>Sqlserver restricts the ip under which accounts can access the database
Sqlserver restricts the ip under which accounts can access the database
2022-08-10 00:33:00 【lusklusklusk】
Trigger for logon
官方文档
https://docs.microsoft.com/zh-cn/sql/relational-databases/triggers/logon-triggers?view=sql-server-ver16
https://docs.microsoft.com/zh-cn/sql/relational-databases/triggers/capture-logon-trigger-event-data?view=sql-server-ver16
使用 EVENTDATA 函数来返回LOGON事件中ClientHost来判断:
ClientHost:Contains the hostname of the client making the connection. If the client and server names are the same,则此值为“<local_machine>”. 否则,This value is client-side IP 地址.
备注:限制用户testuser只能通过ip 172.22.136.240、172.22.137.251or this machine to log in
USE master;
CREATE TRIGGER connection_limit_trigger
ON ALL SERVER WITH EXECUTE AS 'testuser'
FOR LOGON
AS
BEGIN
IF ORIGINAL_LOGIN()= 'testuser'
AND
(SELECT EVENTDATA().value('(/EVENT_INSTANCE/ClientHost)[1]', 'NVARCHAR(15)'))
NOT IN('172.22.136.240','172.22.137.251','<local machine>')
ROLLBACK;
END;
删除触发器
Drop TRIGGER connection_limit_trigger
Drop TRIGGER connection_limit_trigger ON DATABASE
报错如下
Cannot drop the trigger ‘connection_limit_trigger’, because it does not exist or you do not have permission.
Drop TRIGGER connection_limit_trigger ON ALL SERVER–正常执行
禁用触发器
Disable TRIGGER connection_limit_trigger ON ALL SERVER
Query trigger name and trigger type
select a.name trigger_name, b.type_desc trigger_type,a.*,b.* from sys.server_triggers a inner join sys.server_trigger_events b on a.object_id=b.object_id
通过master.sys.dm_exec_connections字段client_net_address来判断
代码逻辑:用户testuserOnly by local andip 172.22.136.240、172.22.137.251登陆
结果:After discovering that this trigger is created,All users cannot log in
原因:The session will only exist if you are logged inmaster.sys.dm_exec_connections字段client_net_address上有记录,Because we used a trigger to authenticate the login,If you don't log in, there will be no record,So this trigger will prevent all users from logging in
CREATE TRIGGER connection_limit_trigger
ON ALL SERVER WITH EXECUTE AS 'testuser'
FOR LOGON
AS
BEGIN
IF ORIGINAL_LOGIN()= 'testuser' AND
(select top 1 b.client_net_address from sys.dm_exec_sessions a inner join master.sys.dm_exec_connections b on
a.session_id=b.session_id and a.login_name='testuser'
order by login_time desc
)
not in('172.22.136.240','172.22.137.251','<local machine>')
ROLLBACK;
END;
边栏推荐
- Leetcode 530. 二叉搜索树的最小绝对差
- 【AtomicInteger】常规用法
- 【Leetcode】2104. Sum of Subarray Ranges
- 友元类和友元函数
- What are the basic steps to develop a quantitative trading strategy?
- 【微信小程序开发(八)】音频背景音乐播放问题汇总
- torch.distributed多卡/多GPU/分布式DPP(二)——torch.distributed.all_reduce(reduce_mean)&barrier&控制进程执行顺序&随机数种子
- 6款跨境电商常用工具汇总
- shell数组
- 请讲一讲JS中的 for...in 与 for...of (上)
猜你喜欢
随机推荐
【AtomicInteger】常规用法
Leetcode 235. 二叉搜索树的最近公共祖先
Gartner全球集成系统市场数据追踪,超融合市场增速第一
VR全景拍摄如何拍摄?如何使用拍摄器材?
&& 不是此版本的有效语句分隔符
(转)FreeType字体位图属性
2022年最新《谷粒学院开发教程》:10 - 前台支付模块
如何正则匹配乱码?
华为云全流程护航《流浪方舟》破竹首发,打造口碑爆款
leetcode 20. Valid Parentheses 有效的括号(中等)
友元类和友元函数
学习编程的第十二天
数字与中文大写数字互转(5千万亿亿亿亿以上的数字也支持转换)
ArrayList 和 LinkedList 区别
【Leetcode】2104. Sum of Subarray Ranges
少儿编程 电子学会图形化编程等级考试Scratch三级真题解析(判断题)2022年6月
杂谈——程序员的悲哀
Mysql集群 ShardingSphere
Users should clearly know that quantitative trading is not a simple procedure
YGG 经理人杯总决赛已圆满结束,来看看这份文字版总结!