Community
Select to view content in your preferred language

Is there a way to block sde clients?

553
4
05-22-2013 06:39 PM
runegullstrom
by
New Contributor
‎05-22-2013 06:39 PM
Hi,

I can stop oracle clients from accessing a server by blocking them using "tcp.validnode_checking = yes" in
my sqlnet.ora file. This will stop direct connect clients but not application server clients.

Apart from the obvious 'you should only have direct connect anyway' is there a way to block
specific application server clients from accessing an SDE server?

regards,

Rune
0 Kudos
4 Replies
LeoDonahue
by
Regular Contributor
‎05-22-2013 07:19 PM
  Apart from the obvious 'you should only have direct connect anyway' is there a way to block specific application server clients from accessing an SDE server?
 

Good question.  I don't think so.  Making an application server connection is documented everywhere, so if the ArcSDE service is running on your server, there is not much you can do.

If you installed SDE with the ArcSDE Service in the Post install, then the only way to block application server connections from clients making those kinds of connections is to revoke those logins until the users comply.  This is the mean option.  You gotta do what you gotta do.

Or create a SQL login for them and manage the password.  The only problem with this is if the user shares their .sde connection file with someone else.

Or reinstall ArcSDE and don't install the ArcSDE service option in the post install.  But then you lose the command line stuff.

Just be glad your users haven't figured out what else they can do with application server connections.
0 Kudos
VinceAngelo
by Esri Esteemed Contributor
Esri Esteemed Contributor
‎05-22-2013 07:27 PM
You can usually configure a firewall to block application server connections
from all but a list of allowed IPs, but if you want to restrict certain clients
from all IPs, then there is no way to distinguish between client applications
at any time, much less at connect.

You don't lose command-line access without an application server, you just
need to use the Direct Connect syntax in the connection variables. 

- V
0 Kudos
LeoDonahue
by
Regular Contributor
‎05-22-2013 07:35 PM
Thanks Vince, totally forgot about that.

http://help.arcgis.com/en/geodatabase/10.0/admin_cmds/support_files/connections.htm
0 Kudos
runegullstrom
by
New Contributor
‎05-22-2013 08:42 PM
Thank you Vincent,

didn't know about that, or maybe forgot it. The command line stuff is the only reason I have the service running.
I'll stop it and trust sqlnet.ora to stop our developers accidentally locking our production schema's with their
profiles at deployment time,

thanks,

Rune
0 Kudos