From 00b2941da3e9f17bffa5c14051e1a51f329001e4 Mon Sep 17 00:00:00 2001 From: Kang Dooho Date: Thu, 19 Sep 2024 16:28:32 +0900 Subject: [PATCH 1/6] [CUBRIDMAN-234] Add broker parameters for ACL per broker --- en/admin/config.rst | 286 ++++++++++++++++++++++--------------------- en/admin/control.rst | 19 ++- ko/admin/config.rst | 282 +++++++++++++++++++++--------------------- ko/admin/control.rst | 15 ++- 4 files changed, 321 insertions(+), 281 deletions(-) diff --git a/en/admin/config.rst b/en/admin/config.rst index 4ccaade20..251193ac3 100644 --- a/en/admin/config.rst +++ b/en/admin/config.rst 
@@ -2439,145 +2439,147 @@ Broker System Parameters The following table shows the broker parameters available in the broker configuration file (**cubrid_broker.conf**). For details, see :ref:`broker-common-parameters` and :ref:`parameter-by-broker`. You can temporarily change the parameter of which configuration values can be dynamically changed by using the **broker_changer** utility. To apply configuration values even after restarting all brokers with **cubrid broker restart**, you should change the values in the **cubrid_broker.conf** file. -+---------------------------------+-------------------------+---------------------------------+--------+------------------------------+-----------+ -| Category | Use | Parameter Name | Type | Default Value | Dynamic | -| | | | | | Changes | -+=================================+=========================+=================================+========+==============================+===========+ -| :ref:`broker-common-parameters` | Access | ACCESS_CONTROL | bool | no | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | ACCESS_CONTROL_FILE | string | | | -| +-------------------------+---------------------------------+--------+------------------------------+-----------+ -| | Logging | ADMIN_LOG_FILE | string | log/broker/cubrid_broker.log | | -| +-------------------------+---------------------------------+--------+------------------------------+-----------+ -| | Broker server | MASTER_SHM_ID | int | 30,001 | | -| | (cub_broker) | | | | | -+---------------------------------+-------------------------+---------------------------------+--------+------------------------------+-----------+ -| :ref:`parameter-by-broker` | Access | ACCESS_LIST | string | | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | ACCESS_MODE | string | RW | available | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | 
BROKER_PORT | int | 30,000(max : 65,535) | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | CONNECT_ORDER | string | SEQ | available | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | ENABLE_MONITOR_HANG | string | OFF | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | KEEP_CONNECTION | string | AUTO | available | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | MAX_NUM_DELAYED_HOSTS_LOOKUP | int | -1 | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | PREFERRED_HOSTS | string | | available | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | RECONNECT_TIME | sec | 600 | available | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | REPLICA_ONLY | string | OFF | | -| +-------------------------+---------------------------------+--------+------------------------------+-----------+ -| | Broker App. 
Server(CAS) | APPL_SERVER_MAX_SIZE | MB | Windows 32bit: 40, | available | -| | | | | Windows 64bit: 80, | | -| | | | | Linux: 0(max: 2,097,151) | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | APPL_SERVER_MAX_SIZE_HARD_LIMIT | MB | 1,024 | available | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | APPL_SERVER_PORT | int | BROKER_PORT+1 | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | APPL_SERVER_SHM_ID | int | 30,000 | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | AUTO_ADD_APPL_SERVER | string | ON | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | MAX_NUM_APPL_SERVER | int | 40 | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | MIN_NUM_APPL_SERVER | int | 5 | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | TIME_TO_KILL | sec | 120 | available | -| +-------------------------+---------------------------------+--------+------------------------------+-----------+ -| | Transaction & Query | CCI_DEFAULT_AUTOCOMMIT | string | ON | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | LONG_QUERY_TIME | sec | 60(max: 86,400) | available | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | LONG_TRANSACTION_TIME | sec | 60(max: 86,400) | available | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | MAX_PREPARED_STMT_COUNT | int | 2,000(min: 1) | available | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | MAX_QUERY_TIMEOUT | sec | 0(max: 86,400) | available | -| | 
+---------------------------------+--------+------------------------------+-----------+ -| | | SESSION_TIMEOUT | sec | 300 | available | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | STATEMENT_POOLING | string | ON | available | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | JDBC_CACHE | string | OFF | available | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | JDBC_CACHE_HINT_ONLY | string | OFF | available | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | JDBC_CACHE_LIFE_TIME | sec | 1000 | available | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | TRIGGER_ACTION | string | ON | available | -| +-------------------------+---------------------------------+--------+------------------------------+-----------+ -| | Logging | ACCESS_LOG | string | OFF | available | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | ACCESS_LOG_DIR | string | log/broker | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | ACCESS_LOG_MAX_SIZE | KB | 10M(max: 2G) | available | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | ERROR_LOG_DIR | string | log/broker/error_log | available | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | LOG_DIR | string | log/broker/sql_log | available | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SLOW_LOG | string | ON | available | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SLOW_LOG_DIR | string | log/broker/sql_log | available | -| | 
+---------------------------------+--------+------------------------------+-----------+ -| | | SQL_LOG | string | ON | available | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SQL_LOG_MAX_SIZE | KB | 10,000 | available | -| +-------------------------+---------------------------------+--------+------------------------------+-----------+ -| | Shard | SHARD | string | OFF | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_CONNECTION_FILE | string | shard_connection.txt | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_DB_NAME | string | | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_DB_PASSWORD | string | | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_DB_USER | string | | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_IGNORE_HINT | string | OFF | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_KEY_FILE | string | shard_key.txt | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_KEY_FUNCTION_NAME | string | | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_KEY_LIBRARY_NAME | string | | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_KEY_MODULAR | int | 256 | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_MAX_CLIENTS | int | 256 | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_MAX_PREPARED_STMT_COUNT | int | 10,000 | | -| | 
+---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_NUM_PROXY | int | 1 | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_PROXY_CONN_WAIT_TIMEOUT | sec | 8h | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_PROXY_LOG | string | ERROR | available | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_PROXY_LOG_DIR | string | log/broker/proxy_log | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_PROXY_LOG_MAX_SIZE | KB | 100,000 | available | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_PROXY_SHM_ID | int | | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_PROXY_TIMEOUT | sec | 30(second) | | -| +-------------------------+---------------------------------+--------+------------------------------+-----------+ -| | Etc | MAX_STRING_LENGTH | int | -1 | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SERVICE | string | ON | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SSL | string | OFF | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SOURCE_ENV | string | cubrid.env | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | NET_BUF_SIZE | KB | 16K | | -+---------------------------------+-------------------------+---------------------------------+--------+------------------------------+-----------+ ++---------------------------------+-------------------------+-----------------------------------------+--------+------------------------------+-----------+ +| Category | Use 
| Parameter Name | Type | Default Value | Dynamic | +| | | | | | Changes | ++=================================+=========================+=========================================+========+==============================+===========+ +| :ref:`broker-common-parameters` | Access | ACCESS_CONTROL | bool | no | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | ACCESS_CONTROL_FILE | string | | | +| +-------------------------+-----------------------------------------+--------+------------------------------+-----------+ +| | Logging | ADMIN_LOG_FILE | string | log/broker/cubrid_broker.log | | +| +-------------------------+-----------------------------------------+--------+------------------------------+-----------+ +| | Broker server | MASTER_SHM_ID | int | 30,001 | | +| | (cub_broker) | | | | | ++---------------------------------+-------------------------+-----------------------------------------+--------+------------------------------+-----------+ +| :ref:`parameter-by-broker` | Access | ACCESS_LIST | string | | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | ACCESS_MODE | string | RW | available | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | BROKER_PORT | int | 30,000(max : 65,535) | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | CONNECT_ORDER | string | SEQ | available | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | ENABLE_MONITOR_HANG | string | OFF | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | KEEP_CONNECTION | string | AUTO | available | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | MAX_NUM_DELAYED_HOSTS_LOOKUP | int | -1 | | +| | 
+-----------------------------------------+--------+------------------------------+-----------+ +| | | PREFERRED_HOSTS | string | | available | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | RECONNECT_TIME | sec | 600 | available | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | REPLICA_ONLY | string | OFF | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER | string | DENY | | +| +-------------------------+-----------------------------------------+--------+------------------------------+-----------+ +| | Broker App. Server(CAS) | APPL_SERVER_MAX_SIZE | MB | Windows 32bit: 40, | available | +| | | | | Windows 64bit: 80, | | +| | | | | Linux: 0(max: 2,097,151) | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | APPL_SERVER_MAX_SIZE_HARD_LIMIT | MB | 1,024 | available | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | APPL_SERVER_PORT | int | BROKER_PORT+1 | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | APPL_SERVER_SHM_ID | int | 30,000 | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | AUTO_ADD_APPL_SERVER | string | ON | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | MAX_NUM_APPL_SERVER | int | 40 | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | MIN_NUM_APPL_SERVER | int | 5 | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | TIME_TO_KILL | sec | 120 | available | +| 
+-------------------------+-----------------------------------------+--------+------------------------------+-----------+ +| | Transaction & Query | CCI_DEFAULT_AUTOCOMMIT | string | ON | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | LONG_QUERY_TIME | sec | 60(max: 86,400) | available | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | LONG_TRANSACTION_TIME | sec | 60(max: 86,400) | available | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | MAX_PREPARED_STMT_COUNT | int | 2,000(min: 1) | available | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | MAX_QUERY_TIMEOUT | sec | 0(max: 86,400) | available | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SESSION_TIMEOUT | sec | 300 | available | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | STATEMENT_POOLING | string | ON | available | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | JDBC_CACHE | string | OFF | available | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | JDBC_CACHE_HINT_ONLY | string | OFF | available | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | JDBC_CACHE_LIFE_TIME | sec | 1000 | available | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | TRIGGER_ACTION | string | ON | available | +| +-------------------------+-----------------------------------------+--------+------------------------------+-----------+ +| | Logging | ACCESS_LOG | string | OFF | available | +| | 
+-----------------------------------------+--------+------------------------------+-----------+ +| | | ACCESS_LOG_DIR | string | log/broker | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | ACCESS_LOG_MAX_SIZE | KB | 10M(max: 2G) | available | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | ERROR_LOG_DIR | string | log/broker/error_log | available | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | LOG_DIR | string | log/broker/sql_log | available | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SLOW_LOG | string | ON | available | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SLOW_LOG_DIR | string | log/broker/sql_log | available | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SQL_LOG | string | ON | available | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SQL_LOG_MAX_SIZE | KB | 10,000 | available | +| +-------------------------+-----------------------------------------+--------+------------------------------+-----------+ +| | Shard | SHARD | string | OFF | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_CONNECTION_FILE | string | shard_connection.txt | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_DB_NAME | string | | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_DB_PASSWORD | string | | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_DB_USER | string | | | +| | 
+-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_IGNORE_HINT | string | OFF | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_KEY_FILE | string | shard_key.txt | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_KEY_FUNCTION_NAME | string | | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_KEY_LIBRARY_NAME | string | | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_KEY_MODULAR | int | 256 | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_MAX_CLIENTS | int | 256 | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_MAX_PREPARED_STMT_COUNT | int | 10,000 | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_NUM_PROXY | int | 1 | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_PROXY_CONN_WAIT_TIMEOUT | sec | 8h | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_PROXY_LOG | string | ERROR | available | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_PROXY_LOG_DIR | string | log/broker/proxy_log | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_PROXY_LOG_MAX_SIZE | KB | 100,000 | available | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_PROXY_SHM_ID | int | | | +| | 
+-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_PROXY_TIMEOUT | sec | 30(second) | | +| +-------------------------+-----------------------------------------+--------+------------------------------+-----------+ +| | Etc | MAX_STRING_LENGTH | int | -1 | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SERVICE | string | ON | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SSL | string | OFF | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SOURCE_ENV | string | cubrid.env | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | NET_BUF_SIZE | KB | 16K | | ++---------------------------------+-------------------------+-----------------------------------------+--------+------------------------------+-----------+ Default Parameters ^^^^^^^^^^^^^^^^^^ @@ -2722,6 +2724,12 @@ Access Please note that replication mismatch occurs when you write the data directly to the replica DB. +.. _access_control_behavior_for_emptybroker: + +**ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER** + + If no broker is specified in **ACCESS_CONTROL_FILE** and the value of **ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER** is **ALLOW** , all access to the broker are allowed. The default is **DENY**. For more information, see :ref:`limiting-broker-access`. + Broker App. Server(CAS) ^^^^^^^^^^^^^^^^^^^^^^^ diff --git a/en/admin/control.rst b/en/admin/control.rst index 92a16beba..6758fb4dc 100644 --- a/en/admin/control.rst +++ b/en/admin/control.rst 
@@ -1462,8 +1462,8 @@ Limiting Broker Access ---------------------- To limit the client applications accessing the broker, set to **ON** for the **ACCESS_ CONTROL** parameter in the **cubrid_broker.conf** file, and enter a name of the file in which the users and the list of databases and IP addresses allowed to access the **ACCESS_CONTROL_FILE** parameter value are written. -The default value of the **ACCESS_CONTROL** broker parameter is **OFF**. -The **ACCESS_CONTROL** and **ACCESS_CONTROL_FILE** parameters must be written under [broker] which common parameters are specified. +The default value of the **ACCESS_CONTROL** broker parameter is **OFF**. If there is no broker name in ACCESS_CONTROL_FILE, all access to that broker will be restricted. In this case, you can allow all access by setting the ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER parameter. +The **ACCESS_CONTROL** and **ACCESS_CONTROL_FILE** parameters must be written under [broker] which common parameters are specified and **ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER** parameter must be written for each broker. The format of **ACCESS_CONTROL_FILE** is as follows: 
@@ -1491,6 +1491,12 @@ The format of the ip_list_file is as follows: * : An IP address that is allowed to access the server. If the last digit of the address is specified as \*, all IP addresses in that rage are allowed to access the broker server. If a value for **ACCESS_CONTROL** is set to ON and a value for **ACCESS_CONTROL_FILE** is not specified, the broker will only allow the access requests from the localhost. +However, if **ACCESS_CONTROL_FILE** is not specified, for brokers, if **ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER** is set to ALLOW, the broker will allow all access requests. + +Broker access restrictions not specified in **ACCESS_CONTROL_FILE**. + +* Allow access only from localhost. (default) +* If ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER is set to ALLOW, all access is allowed. If the analysis of **ACCESS_CONTROL_FILE** and ip_list_file fails when starting a broker, the broker will not be run. @@ -1505,6 +1511,7 @@ If the analysis of **ACCESS_CONTROL_FILE** and ip_list_file fails when starting [%QUERY_EDITOR] SERVICE =ON BROKER_PORT =30000 + ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER = ALLOW ...... The following example shows the content of **ACCESS_CONTROL_FILE**. The * symbol represents everything, and you can use it when you want to specify database names, database user IDs and IPs in the IP list file which are allowed to access the broker server. @@ -1578,6 +1585,7 @@ The below is an example of displaying results. ACCESS_CONTROL_FILE=access_file.txt [%broker1] + ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER=DENY demodb:dba:iplist1.txt CLIENT IP LAST ACCESS TIME ========================================== 
@@ -1591,7 +1599,12 @@ The below is an example of displaying results. CLIENT IP LAST ACCESS TIME ========================================== * 2013-11-08 10:10:12 - + + [%broker2] + ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER=ALLOW + + ++ cubrid broker acl: success + **Broker Logs** If you try to access brokers through IP addresses that are not allowed, the following logs will be created. diff --git a/ko/admin/config.rst b/ko/admin/config.rst index c6adb0ba5..2675b9fe2 100644 --- a/ko/admin/config.rst +++ b/ko/admin/config.rst 
@@ -2412,143 +2412,145 @@ cubrid_broker.conf 설정 파일과 기본 제공 파라미터 다음은 **cubrid_broker.conf** 설정 파일에 사용할 수 있는 브로커 파라미터이다. 각 파라미터에 대한 설명은 :ref:`broker-common-parameters` 및 :ref:`parameter-by-broker` 를 참조한다. 동적으로 설정값 변경이 가능한 파라미터는 **broker_changer** 유틸리티를 이용하여 한시적으로 변경할 수 있다. **cubrid broker restart** 로 전체 브로커를 재시작한 후에도 값이 적용되도록 하려면 **cubrid_broker.conf** 에 설정된 값을 변경해 두어야 한다. -+---------------------------------+-------------------------+---------------------------------+--------+------------------------------+-----------+ -| 적용 구분 | 용도 | 파라미터 이름 | 타입 | 기본값 | 동적 변경 | -+=================================+=========================+=================================+========+==============================+===========+ -| :ref:`broker-common-parameters` | 접속 | ACCESS_CONTROL | bool | no | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | ACCESS_CONTROL_FILE | string | | | -| +-------------------------+---------------------------------+--------+------------------------------+-----------+ -| | 로그 | ADMIN_LOG_FILE | string | log/broker/cubrid_broker.log | | -| +-------------------------+---------------------------------+--------+------------------------------+-----------+ -| | 브로커 서버(cub_broker) | MASTER_SHM_ID | int | 30,001 | | -+---------------------------------+-------------------------+---------------------------------+--------+------------------------------+-----------+ -| :ref:`parameter-by-broker` | 접속 | ACCESS_LIST | string | | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | ACCESS_MODE | string | RW | 가능 | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | BROKER_PORT | int | 30,000(최대값: 65,535) | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | CONNECT_ORDER | string | SEQ | 가능 | -| | 
+---------------------------------+--------+------------------------------+-----------+ -| | | ENABLE_MONITOR_HANG | string | OFF | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | KEEP_CONNECTION | string | AUTO | 가능 | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | MAX_NUM_DELAYED_HOSTS_LOOKUP | int | -1 | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | PREFERRED_HOSTS | string | | 가능 | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | RECONNECT_TIME | sec | 600 | 가능 | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | REPLICA_ONLY | string | OFF | | -| +-------------------------+---------------------------------+--------+------------------------------+-----------+ -| | 브로커 응용 서버(CAS) | APPL_SERVER_MAX_SIZE | MB | Windows 32비트: 40, | 가능 | -| | | | | Windows 64비트: 80, | | -| | | | | Linux: 0 (최대값: 2,097,151) | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | APPL_SERVER_MAX_SIZE_HARD_LIMIT | MB | 1,024(최대값: 2,097,151) | 가능 | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | APPL_SERVER_PORT | int | BROKER_PORT+1 | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | APPL_SERVER_SHM_ID | int | 30,000 | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | AUTO_ADD_APPL_SERVER | string | ON | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | MAX_NUM_APPL_SERVER | int | 40 | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | MIN_NUM_APPL_SERVER | int | 5 | | -| | 
+---------------------------------+--------+------------------------------+-----------+ -| | | TIME_TO_KILL | sec | 120 | 가능 | -| +-------------------------+---------------------------------+--------+------------------------------+-----------+ -| | 트랜잭션 및 질의 | CCI_DEFAULT_AUTOCOMMIT | string | ON | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | LONG_QUERY_TIME | sec | 60(최대값: 86,400) | 가능 | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | LONG_TRANSACTION_TIME | sec | 60(최대값: 86,400) | 가능 | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | MAX_PREPARED_STMT_COUNT | int | 2,000(최소값: 1) | 가능 | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | MAX_QUERY_TIMEOUT | sec | 0(최대값: 86,400) | 가능 | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SESSION_TIMEOUT | sec | 300 | 가능 | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | STATEMENT_POOLING | string | ON | 가능 | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | JDBC_CACHE | string | OFF | 가능 | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | JDBC_CACHE_HINT_ONLY | string | OFF | 가능 | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | JDBC_CACHE_LIFE_TIME | sec | 1000 | 가능 | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | TRIGGER_ACTION | string | ON | 가능 | -| +-------------------------+---------------------------------+--------+------------------------------+-----------+ -| | 로그 | ACCESS_LOG | string | OFF | 가능 | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | 
ACCESS_LOG_DIR | string | log/broker | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | ACCESS_LOG_MAX_SIZE | KB | 10M(최대값: 2G) | 가능 | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | ERROR_LOG_DIR | string | log/broker/error_log | 가능 | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | LOG_DIR | string | log/broker/sql_log | 가능 | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SLOW_LOG | string | ON | 가능 | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SLOW_LOG_DIR | string | log/broker/sql_log | 가능 | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SQL_LOG | string | ON | 가능 | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SQL_LOG_MAX_SIZE | KB | 10000 | 가능 | -| +-------------------------+---------------------------------+--------+------------------------------+-----------+ -| | 샤드 | SHARD | string | OFF | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_CONNECTION_FILE | string | shard_connection.txt | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_DB_NAME | string | | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_DB_PASSWORD | string | | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_DB_USER | string | | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_IGNORE_HINT | string | OFF | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_KEY_FILE | string | 
shard_key.txt | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_KEY_FUNCTION_NAME | string | | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_KEY_LIBRARY_NAME | string | | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_KEY_MODULAR | int | 256 | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_MAX_CLIENTS | int | 256 | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_MAX_PREPARED_STMT_COUNT | int | 10,000 | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_NUM_PROXY | int | 1 | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_PROXY_CONN_WAIT_TIMEOUT | sec | 8h | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_PROXY_LOG | string | ERROR | 가능 | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_PROXY_LOG_DIR | string | log/broker/proxy_log | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_PROXY_LOG_MAX_SIZE | KB | 100,000 | 가능 | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_PROXY_SHM_ID | int | | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SHARD_PROXY_TIMEOUT | sec | 30(초) | | -| +-------------------------+---------------------------------+--------+------------------------------+-----------+ -| | 기타 | MAX_STRING_LENGTH | int | -1 | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SERVICE | string | ON | | -| | 
+---------------------------------+--------+------------------------------+-----------+ -| | | SSL | string | OFF | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | SOURCE_ENV | string | cubrid.env | | -| | +---------------------------------+--------+------------------------------+-----------+ -| | | NET_BUF_SIZE | KB | 16K | | -+---------------------------------+-------------------------+---------------------------------+--------+------------------------------+-----------+ ++---------------------------------+-------------------------+-----------------------------------------+--------+------------------------------+-----------+ +| 적용 구분 | 용도 | 파라미터 이름 | 타입 | 기본값 | 동적 변경 | ++=================================+=========================+=========================================+========+==============================+===========+ +| :ref:`broker-common-parameters` | 접속 | ACCESS_CONTROL | bool | no | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | ACCESS_CONTROL_FILE | string | | | +| +-------------------------+-----------------------------------------+--------+------------------------------+-----------+ +| | 로그 | ADMIN_LOG_FILE | string | log/broker/cubrid_broker.log | | +| +-------------------------+-----------------------------------------+--------+------------------------------+-----------+ +| | 브로커 서버(cub_broker) | MASTER_SHM_ID | int | 30,001 | | ++---------------------------------+-------------------------+-----------------------------------------+--------+------------------------------+-----------+ +| :ref:`parameter-by-broker` | 접속 | ACCESS_LIST | string | | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | ACCESS_MODE | string | RW | 가능 | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | BROKER_PORT | int | 30,000(최대값: 65,535) | | 
+| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | CONNECT_ORDER | string | SEQ | 가능 | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | ENABLE_MONITOR_HANG | string | OFF | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | KEEP_CONNECTION | string | AUTO | 가능 | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | MAX_NUM_DELAYED_HOSTS_LOOKUP | int | -1 | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | PREFERRED_HOSTS | string | | 가능 | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | RECONNECT_TIME | sec | 600 | 가능 | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | REPLICA_ONLY | string | OFF | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER | string | DENY | | +| +-------------------------+-----------------------------------------+--------+------------------------------+-----------+ +| | 브로커 응용 서버(CAS) | APPL_SERVER_MAX_SIZE | MB | Windows 32비트: 40, | 가능 | +| | | | | Windows 64비트: 80, | | +| | | | | Linux: 0 (최대값: 2,097,151) | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | APPL_SERVER_MAX_SIZE_HARD_LIMIT | MB | 1,024(최대값: 2,097,151) | 가능 | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | APPL_SERVER_PORT | int | BROKER_PORT+1 | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | APPL_SERVER_SHM_ID | int | 30,000 | | +| | 
+-----------------------------------------+--------+------------------------------+-----------+ +| | | AUTO_ADD_APPL_SERVER | string | ON | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | MAX_NUM_APPL_SERVER | int | 40 | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | MIN_NUM_APPL_SERVER | int | 5 | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | TIME_TO_KILL | sec | 120 | 가능 | +| +-------------------------+-----------------------------------------+--------+------------------------------+-----------+ +| | 트랜잭션 및 질의 | CCI_DEFAULT_AUTOCOMMIT | string | ON | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | LONG_QUERY_TIME | sec | 60(최대값: 86,400) | 가능 | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | LONG_TRANSACTION_TIME | sec | 60(최대값: 86,400) | 가능 | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | MAX_PREPARED_STMT_COUNT | int | 2,000(최소값: 1) | 가능 | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | MAX_QUERY_TIMEOUT | sec | 0(최대값: 86,400) | 가능 | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SESSION_TIMEOUT | sec | 300 | 가능 | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | STATEMENT_POOLING | string | ON | 가능 | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | JDBC_CACHE | string | OFF | 가능 | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | JDBC_CACHE_HINT_ONLY | string | OFF | 가능 | +| | 
+-----------------------------------------+--------+------------------------------+-----------+ +| | | JDBC_CACHE_LIFE_TIME | sec | 1000 | 가능 | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | TRIGGER_ACTION | string | ON | 가능 | +| +-------------------------+-----------------------------------------+--------+------------------------------+-----------+ +| | 로그 | ACCESS_LOG | string | OFF | 가능 | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | ACCESS_LOG_DIR | string | log/broker | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | ACCESS_LOG_MAX_SIZE | KB | 10M(최대값: 2G) | 가능 | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | ERROR_LOG_DIR | string | log/broker/error_log | 가능 | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | LOG_DIR | string | log/broker/sql_log | 가능 | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SLOW_LOG | string | ON | 가능 | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SLOW_LOG_DIR | string | log/broker/sql_log | 가능 | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SQL_LOG | string | ON | 가능 | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SQL_LOG_MAX_SIZE | KB | 10000 | 가능 | +| +-------------------------+-----------------------------------------+--------+------------------------------+-----------+ +| | 샤드 | SHARD | string | OFF | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_CONNECTION_FILE | string | shard_connection.txt | | +| | 
+-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_DB_NAME | string | | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_DB_PASSWORD | string | | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_DB_USER | string | | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_IGNORE_HINT | string | OFF | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_KEY_FILE | string | shard_key.txt | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_KEY_FUNCTION_NAME | string | | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_KEY_LIBRARY_NAME | string | | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_KEY_MODULAR | int | 256 | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_MAX_CLIENTS | int | 256 | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_MAX_PREPARED_STMT_COUNT | int | 10,000 | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_NUM_PROXY | int | 1 | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_PROXY_CONN_WAIT_TIMEOUT | sec | 8h | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_PROXY_LOG | string | ERROR | 가능 | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | 
SHARD_PROXY_LOG_DIR | string | log/broker/proxy_log | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_PROXY_LOG_MAX_SIZE | KB | 100,000 | 가능 | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_PROXY_SHM_ID | int | | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SHARD_PROXY_TIMEOUT | sec | 30(초) | | +| +-------------------------+-----------------------------------------+--------+------------------------------+-----------+ +| | 기타 | MAX_STRING_LENGTH | int | -1 | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SERVICE | string | ON | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SSL | string | OFF | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | SOURCE_ENV | string | cubrid.env | | +| | +-----------------------------------------+--------+------------------------------+-----------+ +| | | NET_BUF_SIZE | KB | 16K | | ++---------------------------------+-------------------------+-----------------------------------------+--------+------------------------------+-----------+ 기본 제공 파라미터 ^^^^^^^^^^^^^^^^^^ @@ -2693,6 +2695,12 @@ CUBRID 설치 시 생성되는 기본 브로커 설정 파일인 **cubrid_broker 레플리카에 직접 데이터를 쓰는 경우 복제 불일치가 발생함에 주의해야 한다. +.. _access_control_behavior_for_emptybroker: + +**ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER** + + **ACCESS_CONTROL_FILE** 에 지정한 브로커가 없고 **ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER** 의 값이 **ALLOW** 인 경우, 브로커에 접속을 모두 허용한다. 기본값은 **DENY** 이다. 자세한 내용은 :ref:`limiting-broker-access` 을 참고한다. + 브로커 응용 서버(CAS) ^^^^^^^^^^^^^^^^^^^^^ diff --git a/ko/admin/control.rst b/ko/admin/control.rst index 748d0ac8d..9f59280e4 100644 --- a/ko/admin/control.rst +++ b/ko/admin/control.rst 
@@ -1454,8 +1454,9 @@ SHARD-Q는 Shard Waiting Queue를 줄인 말이다. SHARD proxy 프로세스가 --------------------- 브로커에 접속하는 응용 클라이언트를 제한하려면 **cubrid_broker.conf**\의 **ACCESS_CONTROL** 파라미터 값을 ON으로 설정하고, **ACCESS_CONTROL_FILE** 파라미터 값에 접속을 허용하는 사용자와 데이터베이스 및 IP 목록을 작성한 파일 이름을 입력한다. +만약 ACCESS_CONTROL_FILE에 브로커 이름이 없으면, 해당 브로커로의 모든 접속이 제한된다. 이 경우, ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER 파라미터를 설정하여 모든 접속을 허용할 수 있다. **ACCESS_CONTROL** 브로커 파라미터의 기본값은 **OFF**\이다. -**ACCESS_CONTROL**, **ACCESS_CONTROL_FILE** 파라미터는 공통 적용 파라미터가 위치하는 [broker] 아래에 작성해야 한다. +**ACCESS_CONTROL**, **ACCESS_CONTROL_FILE** 파라미터는 공통 적용 파라미터가 위치하는 [broker] 아래에 작성해야 하며, **ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER** 파라미터는 각각의 브로커에 작성하애 한다. **ACCESS_CONTROL_FILE**\ 의 형식은 다음과 같다. @@ -1482,7 +1483,13 @@ ip_list_file의 작성 형식은 다음과 같다. * : 접근을 허용할 IP 명. 뒷자리를 \*로 입력하면 뒷자리의 모든 IP를 허용한다. -**ACCESS_CONTROL** 값이 ON인 상태에서 **ACCESS_CONTROL_FILE**\이 지정되지 않으면 브로커는 localhost에서의 접속 요청만을 허용한다. +**ACCESS_CONTROL** 값이 ON 상태에서 **ACCESS_CONTROL_FILE**\에 지정되지 않으면 브로커는 localhost에서만 접속을 허용한다. +그러나 **ACCESS_CONTROL_FILE** 에 지정되지 않은 브로커의 경우, **ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER** 의 값을 ALLOW로 설정하면, 브로커는 모든 접속 요청을 허용한다. + +**ACCESS_CONTROL_FILE** 에 지정되지 않은 브로커 접속 제한 방식. + +* localhost에서만 접속 허용. (기본) +* ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER를 ALLOW 로 설정하면 모든 접속 허용. 브로커 구동 시 **ACCESS_CONTROL_FILE** 및 ip_list_file 분석에 실패하는 경우 브로커는 구동되지 않는다. @@ -1570,6 +1577,7 @@ QUERY_EDITOR 브로커는 다음과 같은 응용의 접속 요청만을 허용 ACCESS_CONTROL_FILE=access_file.txt [%broker1] + ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER=DENY demodb:dba:iplist1.txt CLIENT IP LAST ACCESS TIME ========================================== @@ -1584,6 +1592,9 @@ QUERY_EDITOR 브로커는 다음과 같은 응용의 접속 요청만을 허용 ========================================== * 2013-11-08 10:10:12 + [%broker2] + ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER=ALLOW + **브로커 로그** 허용되지 않는 IP에서 접근하면 다음과 같은 로그가 남는다. From 8a49e34e5f3425e35ab8118e3921257812e1cdc5 Mon Sep 17 00:00:00 2001 
From: Kang Dooho Date: Fri, 20 Sep 2024 14:05:51 +0900 Subject: [PATCH 2/6] change text --- ko/admin/control.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ko/admin/control.rst b/ko/admin/control.rst index 9f59280e4..e3fbc2141 100644 --- a/ko/admin/control.rst +++ b/ko/admin/control.rst @@ -1456,7 +1456,7 @@ SHARD-Q는 Shard Waiting Queue를 줄인 말이다. SHARD proxy 프로세스가 브로커에 접속하는 응용 클라이언트를 제한하려면 **cubrid_broker.conf**\의 **ACCESS_CONTROL** 파라미터 값을 ON으로 설정하고, **ACCESS_CONTROL_FILE** 파라미터 값에 접속을 허용하는 사용자와 데이터베이스 및 IP 목록을 작성한 파일 이름을 입력한다. 만약 ACCESS_CONTROL_FILE에 브로커 이름이 없으면, 해당 브로커로의 모든 접속이 제한된다. 이 경우, ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER 파라미터를 설정하여 모든 접속을 허용할 수 있다. **ACCESS_CONTROL** 브로커 파라미터의 기본값은 **OFF**\이다. -**ACCESS_CONTROL**, **ACCESS_CONTROL_FILE** 파라미터는 공통 적용 파라미터가 위치하는 [broker] 아래에 작성해야 하며, **ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER** 파라미터는 각각의 브로커에 작성하애 한다. +**ACCESS_CONTROL**, **ACCESS_CONTROL_FILE** 파라미터는 공통 적용 파라미터가 위치하는 [broker] 아래에 작성해야 하며, **ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER** 파라미터는 각각의 브로커에 작성하야 한다. **ACCESS_CONTROL_FILE**\ 의 형식은 다음과 같다. From a6f5ce3577cf2c4d0931fd8ddefd6c3f3c14d5f7 Mon Sep 17 00:00:00 2001 From: Kang Dooho Date: Fri, 20 Sep 2024 14:52:59 +0900 Subject: [PATCH 3/6] change text --- en/admin/config.rst | 2 +- ko/admin/config.rst | 2 +- ko/admin/control.rst | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/en/admin/config.rst b/en/admin/config.rst index 251193ac3..e28059567 100644 --- a/en/admin/config.rst +++ b/en/admin/config.rst 
@@ -2472,7 +2472,7 @@ The following table shows the broker parameters available in the broker configur | | +-----------------------------------------+--------+------------------------------+-----------+ | | | REPLICA_ONLY | string | OFF | | | | +-----------------------------------------+--------+------------------------------+-----------+ -| | | ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER | string | DENY | | +| | | ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER | bool | DENY | | | +-------------------------+-----------------------------------------+--------+------------------------------+-----------+ | | Broker App. Server(CAS) | APPL_SERVER_MAX_SIZE | MB | Windows 32bit: 40, | available | | | | | | Windows 64bit: 80, | | diff --git a/ko/admin/config.rst b/ko/admin/config.rst index 2675b9fe2..e85152029 100644 --- a/ko/admin/config.rst +++ b/ko/admin/config.rst @@ -2443,7 +2443,7 @@ cubrid_broker.conf 설정 파일과 기본 제공 파라미터 | | +-----------------------------------------+--------+------------------------------+-----------+ | | | REPLICA_ONLY | string | OFF | | | | +-----------------------------------------+--------+------------------------------+-----------+ -| | | ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER | string | DENY | | +| | | ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER | bool | DENY | | | +-------------------------+-----------------------------------------+--------+------------------------------+-----------+ | | 브로커 응용 서버(CAS) | APPL_SERVER_MAX_SIZE | MB | Windows 32비트: 40, | 가능 | | | | | | Windows 64비트: 80, | | diff --git a/ko/admin/control.rst b/ko/admin/control.rst index e3fbc2141..2e796be61 100644 --- a/ko/admin/control.rst +++ b/ko/admin/control.rst 
@@ -1484,7 +1484,7 @@ ip_list_file의 작성 형식은 다음과 같다. * : 접근을 허용할 IP 명. 뒷자리를 \*로 입력하면 뒷자리의 모든 IP를 허용한다. **ACCESS_CONTROL** 값이 ON 상태에서 **ACCESS_CONTROL_FILE**\에 지정되지 않으면 브로커는 localhost에서만 접속을 허용한다. -그러나 **ACCESS_CONTROL_FILE** 에 지정되지 않은 브로커의 경우, **ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER** 의 값을 ALLOW로 설정하면, 브로커는 모든 접속 요청을 허용한다. +그러나 **ACCESS_CONTROL_FILE** 에 지정되지 않은 브로커의 경우, **ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER** 의 값을 ALLOW로 설정한 브로커들에 대해서는 모든 접속 요청을 허용한다. **ACCESS_CONTROL_FILE** 에 지정되지 않은 브로커 접속 제한 방식. From c77ec858bb2893a68554f23c7fba11c86ef9cbce Mon Sep 17 00:00:00 2001 From: Kang Dooho Date: Fri, 20 Sep 2024 15:10:48 +0900 Subject: [PATCH 4/6] change text --- en/admin/control.rst | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/en/admin/control.rst b/en/admin/control.rst index 6758fb4dc..105125509 100644 --- a/en/admin/control.rst +++ b/en/admin/control.rst 
@@ -1462,8 +1462,8 @@ Limiting Broker Access ---------------------- To limit the client applications accessing the broker, set to **ON** for the **ACCESS_ CONTROL** parameter in the **cubrid_broker.conf** file, and enter a name of the file in which the users and the list of databases and IP addresses allowed to access the **ACCESS_CONTROL_FILE** parameter value are written. -The default value of the **ACCESS_CONTROL** broker parameter is **OFF**. If there is no broker name in ACCESS_CONTROL_FILE, all access to that broker will be restricted. In this case, you can allow all access by setting the ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER parameter. -The **ACCESS_CONTROL** and **ACCESS_CONTROL_FILE** parameters must be written under [broker] which common parameters are specified and **ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER** parameter must be written for each broker. +The default value of the **ACCESS_CONTROL** broker parameter is **OFF**. All access to brokers not listed in **ACCESS_CONTROL_FILE** is restricted. Even not listed in **ACCESS_CONTROL_FILE**, you can allow access to a specific broker by setting **ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER** to **ALLOW** for that broker. +The **ACCESS_CONTROL** and **ACCESS_CONTROL_FILE** parameters must be written under [broker] which common parameters are specified. On the other hand, **ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER** parameter must be specified for each broker. The format of **ACCESS_CONTROL_FILE** is as follows: 
@@ -1491,7 +1491,7 @@ The format of the ip_list_file is as follows: * : An IP address that is allowed to access the server. If the last digit of the address is specified as \*, all IP addresses in that rage are allowed to access the broker server. If a value for **ACCESS_CONTROL** is set to ON and a value for **ACCESS_CONTROL_FILE** is not specified, the broker will only allow the access requests from the localhost. -However, if **ACCESS_CONTROL_FILE** is not specified, for brokers, if **ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER** is set to ALLOW, the broker will allow all access requests. +However, even **ACCESS_CONTROL_FILE** is not specified, all requests are allowed for brokers with **ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER** set to **ALLOW**. Broker access restrictions not specified in **ACCESS_CONTROL_FILE**. From 445707d0fe765432381c3f07a55bf0c06b89b379 Mon Sep 17 00:00:00 2001 From: Kang Dooho Date: Tue, 24 Sep 2024 10:16:11 +0900 Subject: [PATCH 5/6] add Note to ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER description --- en/admin/config.rst | 4 ++++ ko/admin/config.rst | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/en/admin/config.rst b/en/admin/config.rst index e28059567..ac81d6441 100644 --- a/en/admin/config.rst +++ b/en/admin/config.rst @@ -2729,6 +2729,10 @@ Access **ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER** If no broker is specified in **ACCESS_CONTROL_FILE** and the value of **ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER** is **ALLOW** , all access to the broker are allowed. The default is **DENY**. For more information, see :ref:`limiting-broker-access`. + + .. note:: + + The settings value ALLOW or DENY for **ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER** is valid only when **ACCESS_CONTROL** is set to **ON**. If it is set to **OFF**, the setting value is not applicable. Broker App. Server(CAS) ^^^^^^^^^^^^^^^^^^^^^^^ diff --git a/ko/admin/config.rst b/ko/admin/config.rst index e85152029..ac63c57b5 100644 --- a/ko/admin/config.rst 
+++ b/ko/admin/config.rst @@ -2701,6 +2701,10 @@ CUBRID 설치 시 생성되는 기본 브로커 설정 파일인 **cubrid_broker **ACCESS_CONTROL_FILE** 에 지정한 브로커가 없고 **ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER** 의 값이 **ALLOW** 인 경우, 브로커에 접속을 모두 허용한다. 기본값은 **DENY** 이다. 자세한 내용은 :ref:`limiting-broker-access` 을 참고한다. + .. note:: + + **ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER** 의 설정값 **ALLOW** 또는 **DENY** 는 **ACCESS_CONTROL** 이 **ON** 일 때만 유효하며, **OFF** 일 경우에는 설정값이 적용되지 않습니다. + 브로커 응용 서버(CAS) ^^^^^^^^^^^^^^^^^^^^^ From 5fe8385a903224e64b3c137f0d4f216d322e9931 Mon Sep 17 00:00:00 2001 From: Kang Dooho Date: Wed, 16 Oct 2024 10:24:17 +0900 Subject: [PATCH 6/6] change text --- en/admin/control.rst | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/en/admin/control.rst b/en/admin/control.rst index 105125509..89ae67265 100644 --- a/en/admin/control.rst +++ b/en/admin/control.rst 
@@ -1462,8 +1462,8 @@ Limiting Broker Access ---------------------- To limit the client applications accessing the broker, set to **ON** for the **ACCESS_ CONTROL** parameter in the **cubrid_broker.conf** file, and enter a name of the file in which the users and the list of databases and IP addresses allowed to access the **ACCESS_CONTROL_FILE** parameter value are written. -The default value of the **ACCESS_CONTROL** broker parameter is **OFF**. All access to brokers not listed in **ACCESS_CONTROL_FILE** is restricted. Even not listed in **ACCESS_CONTROL_FILE**, you can allow access to a specific broker by setting **ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER** to **ALLOW** for that broker. -The **ACCESS_CONTROL** and **ACCESS_CONTROL_FILE** parameters must be written under [broker] which common parameters are specified. On the other hand, **ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER** parameter must be specified for each broker. +The default value of the **ACCESS_CONTROL** broker parameter is **OFF**. All access to brokers not listed in **ACCESS_CONTROL_FILE** is restricted. Even if not listed in **ACCESS_CONTROL_FILE**, you can allow access to a specific broker by setting **ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER** to **ALLOW** for that broker. +The **ACCESS_CONTROL** and **ACCESS_CONTROL_FILE** parameters must be written under the [broker] section where common parameters are specified. On the other hand, the **ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER** parameter must be specified for each broker. The format of **ACCESS_CONTROL_FILE** is as follows: 
@@ -1491,12 +1491,12 @@ The format of the ip_list_file is as follows: * : An IP address that is allowed to access the server. If the last digit of the address is specified as \*, all IP addresses in that rage are allowed to access the broker server. If a value for **ACCESS_CONTROL** is set to ON and a value for **ACCESS_CONTROL_FILE** is not specified, the broker will only allow the access requests from the localhost. -However, even **ACCESS_CONTROL_FILE** is not specified, all requests are allowed for brokers with **ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER** set to **ALLOW**. +However, if **ACCESS_CONTROL_FILE** is not specified, all requests are allowed for brokers with **ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER** set to **ALLOW**. Broker access restrictions not specified in **ACCESS_CONTROL_FILE**. * Allow access only from localhost. (default) -* If ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER is set to ALLOW, all access is allowed. +* If **ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER** is set to **ALLOW**, all access is allowed. If the analysis of **ACCESS_CONTROL_FILE** and ip_list_file fails when starting a broker, the broker will not be run.
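Review bot: In PATCH 1/6, the ko/admin/config.rst table hunk (@@ -2439) appends the new ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER row after REPLICA_ONLY, although the other rows of the access (접속) group run in alphabetical order from ACCESS_LIST to REPLICA_ONLY. Consider placing the row at the top of the group, ahead of ACCESS_LIST, so readers scanning for ACCESS_* parameters find it next to the related ones. The same applies to the matching row in en/admin/config.rst.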
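Review bot: In PATCH 1/6, the ko/admin/control.rst hunk at @@ -1482 changes the condition of the localhost sentence, not only its wording. The removed line read "ACCESS_CONTROL_FILE\이 지정되지 않으면" (the file parameter is not set), and the added line reads "ACCESS_CONTROL_FILE\에 지정되지 않으면" (not listed in the file) with no subject saying what is not listed. The English text in en/admin/control.rst still says "a value for ACCESS_CONTROL_FILE is not specified", so the two languages now describe different conditions for the localhost-only fallback. Please restore the original particle or name the broker explicitly as the subject, and make both languages agree.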
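Review bot: In PATCH 2/6, the replacement line still contains a typo: "작성하애 한다" became "작성하야 한다", but the intended form is "작성해야 한다". The same paragraph uses "작성해야 하며" correctly a few words earlier, so the fix should match it.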
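Review bot: In PATCH 3/6, the Type column for ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER changes from string to bool in both config.rst tables while the default stays DENY and the documented values are ALLOW and DENY. The only other bool row in the table, ACCESS_CONTROL, lists its default as "no", so a bool typed parameter with a DENY default reads as inconsistent. Either keep the type as string, or state in the parameter description which values are accepted (for example, whether ON/OFF or yes/no are also valid) so an operator does not guess at a setting that controls whether a broker accepts all connections.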
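Review bot: In PATCH 5/6, the Korean note in ko/admin/config.rst ends in the polite form "적용되지 않습니다", while the surrounding manual text uses the plain form ("허용한다", "참고한다"); please change it to "적용되지 않는다" for consistency. In the English note, "The settings value ALLOW or DENY ... is valid" would read better as "The value (ALLOW or DENY) of ACCESS_CONTROL_BEHAVIOR_FOR_EMPTYBROKER takes effect only when ACCESS_CONTROL is ON", and the context line above it has a subject and verb mismatch ("all access to the broker are allowed") that could be fixed in the same change.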
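Review bot: In PATCH 6/6, the en/admin/control.rst hunks leave two different descriptions of the default (DENY) behavior and two different trigger conditions. The @@ -1462 hunk says "All access to brokers not listed in ACCESS_CONTROL_FILE is restricted", while the list in the @@ -1491 hunk says "Allow access only from localhost. (default)". Separately, the rewritten sentence "However, if ACCESS_CONTROL_FILE is not specified, all requests are allowed for brokers with ... ALLOW" ties ALLOW to the file parameter being unset, whereas config.rst describes it as "If no broker is specified in ACCESS_CONTROL_FILE". Because this decides whether a broker is open to every client, please state once, in the same words everywhere, whether ALLOW applies when the file is unset, when the broker is missing from the file, or both, and whether DENY means localhost-only or no access at all. The context lines also carry "**ACCESS_ CONTROL**" with a stray space and "in that rage" for "range", which could be corrected while this paragraph is being edited.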