Home » RDBMS Server » Networking and Gateways » Security risk to Listener service
Security risk to Listener service [message #252390] Wed, 18 July 2007 14:27 Go to next message
danimars
Messages: 10
Registered: October 2005
Location: London
Junior Member


hi.

i wanted to know if listener service is not password protected and running on default port 1521 then is it still vulnerable in Oracle 8i if operating system authentication is being used. I think it should be still vulnerable coz I have read papers and I havent read anything anywhere that says operating system authentication resolves the vulnerability issues of the listener service. Please help
Re: Security risk to Listener service [message #252393 is a reply to message #252390] Wed, 18 July 2007 14:33 Go to previous messageGo to next message
BlackSwan
Messages: 25046
Registered: January 2009
Location: SoCal
Senior Member
HUH?
OS Authenication means the user is logged directly onto the the DB server system.
If this is the case then SQL*Net is NOT used to connect the local user to the DB.
The password involving the listener only controls the stopping the listener & NOT logging into the DB itself.
Re: Security risk to Listener service [message #252403 is a reply to message #252393] Wed, 18 July 2007 14:45 Go to previous messageGo to next message
danimars
Messages: 10
Registered: October 2005
Location: London
Junior Member


Thanks for the quick reply. I am a little confused about this. If SQL*NET will not be used then how will the client using oracle e-business suite establish connections to the database. because as far as I have read the Listener service provides basic connectivity for clients, application servers, and other databases to an Oracle database as it manages the network traffic. that is in the scenario of OS authentication being used.
Re: Security risk to Listener service [message #252409 is a reply to message #252390] Wed, 18 July 2007 14:59 Go to previous message
BlackSwan
Messages: 25046
Registered: January 2009
Location: SoCal
Senior Member
You are the one who keep including OS Authentication into the discussion.
Refer to me previous reply WRT how & when OS Authentication is used.
The Oracle Listener ONLY comes into play when a remote client wants to establish a connection to the DB.
After the Listener establishes the connection between the client & the database, the listener is NO longer involved with that client (or this DB session).

I suggest you Read Then Fine Concepts Manual found at http://tahiti.oracle.com

WRT, e-business suite, AFAIK this a 3 tier architecture & whole bunch of different rules apply.
Previous Topic: Help! ORA-12560 TNS protocol adapter error (split)
Next Topic: ora - 01002 Fetch out of sequence
Goto Forum:
  


Current Time: Thu Dec 08 18:17:25 CST 2016

Total time taken to generate the page: 0.08479 seconds