基于DDL触发器的SQL SERVER登录IP限制
创建一个触发器,观测所能获取到的登录信息
| 1 | use master |
| 2 | go |
| 3 | create trigger tr_LoginCheck |
| 4 | on all server |
| 5 | for LOGON |
| 6 | as |
| 7 | declare @data xml, |
| 8 | @EventType varchar(100), |
| 9 | @EventTime datetime, |
| 10 | @ServerName varchar(100), |
| 11 | @ClientHost varchar(100), |
| 12 | @WhoDidIt varchar(100) |
| 13 | set @data=EVENTDATA() |
| 14 | set @EventType = @data.value('(/EVENT_INSTANCE/EventType)[1]', 'varchar(100)') |
| 15 | set @EventTime = @data.value('(/EVENT_INSTANCE/PostTime)[1]','datetime') |
| 16 | set @ServerName = @data.value('(/EVENT_INSTANCE/ServerName)[1]','varchar(100)') |
| 17 | set @ClientHost = @data.value('(/EVENT_INSTANCE/ClientHost)[1]','varchar(100)') |
| 18 | set @WhoDidIt = @data.value('(/EVENT_INSTANCE/LoginName)[1]','varchar(100)') |
| 19 | insert into test..History values (@EventType,@EventTime,@ServerName,@ClientHost,@WhoDidIt) |
| 20 | |
| 21 | go |
| 22 | |
| 23 |
我们可以观测到所有登录当前数据库系统的用户信息
根据以上信息,我们可以根据用户信息来判断登录的合法性。比如,要限制仅仅某个IP能访问数据库系统,则可以这样判断:
| 1 | if EVENTDATA().value('(/EVENT_INSTANCE/ClientHost)[1]', 'varchar(15)') <> '192.168.1.22' |
| 2 | ROLLBACK TRAN |
| 3 | |
| 4 |
浙公网安备 33010602011771号