Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> Re: Listener Security !!

Re: Listener Security !!

From: Jay Hostetter <jhostetter_at_decommunications.com>
Date: Mon, 23 Jul 2001 07:55:49 -0700
Message-ID: <F001.00351C26.20010723074608@fatcity.com> 






Set a password for listener administration to prevent this.



PASSWORDS_LISTENER=(mysecretpassword)






Jay Hostetter


Oracle DBA


D. & E. Communications


Ephrata, PA  USA



>>> Rajesh_at_ohitelecom.com 07/23/01 10:11AM >>>

Hi All !!



   Today I came across a typical Hole in Listener Security.
If you have lsnrctl utility (or Database installation) at one
Box, then you can stop the listener on another Box. Just change
the parameter file (listener.ora) to have hostname of another
(may be production server) box. Now goto lsnrctl and fire stop
command. you would notice that the local listener is running
but the remote listener is down.......


        This is more serious issue on platforms like Unix and VMS 
where you can control listener (locally) only if you are a 
member of DBA group. This means that Listener doesn't have any
cross OS check in it....


        Is this a known issue/bug. Any-ideas, any patches? Oracle
Corp guys, what you say? 


        Waiting for you views......



Rajesh


OC DBA 8&8i

-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.com 
-- 
Author: Rajesh Dayal
  INET: Rajesh_at_ohitelecom.com 

Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).

--
Please see the official ORACLE-L FAQ: http://www.orafaq.com
--
Author: Jay Hostetter
  INET: jhostetter_at_decommunications.com

Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).


Received on Mon Jul 23 2001 - 09:55:49 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US