Oracle FAQ Your Portal to the Oracle Knowledge Grid

Home -> Community -> Mailing Lists -> Oracle-L -> RE: Listener password encryption

RE: Listener password encryption

From: Reidy, Ron <>
Date: Thu, 16 Feb 2006 18:47:03 -0700
Message-ID: <>

I disagree completely on this. Setting the password can help to prevent a DNS attack on the listener. Of course, to know if the listener is being attacked, you should have logging turned on and some kind of process (swatch) watching the log file for invalid passwords (maybe a brute force attack).

But hey, don't just take my word for it, read what Pete Finnigan says about it: ID%3A4f683a6e994ed451%3B&

-----Original Message-----
[] On Behalf Of Greg Norris Sent: Thursday, February 16, 2006 12:03 PM To:
Subject: Re: Listener password encryption

I wouldn't even bother using an encrypted password, unless of course this is being done to satisfy some (clueless) auditor's checklist. The way Oracle handles encrypted listener passwords, they're absolutely no more secure than the cleartext counterpart... in fact, one could easily argue that they're slightly *less* secure.

On 2/16/06, J. Dex <> wrote:
> I am trying to save an encrypted password for the listener and
> although it responds that the command was completed successsfully, it
> isn't turning on security and doesn't seem to be working. Any ideas?
> This is Oracle 9207 on a Windows 2003 server. This is what I am
> doing:
> LSNRCTL>set save_config_on_stop on
> LSNRCTL>set password password_name
> My understanding is that security in "status" should be set to on and
> I should see some comments at the bottom of the listener file, but I
> am not seeing those.

"I'm too sexy for my code." - Awk Sed Fred.

This electronic message transmission is a PRIVATE communication which contains
information which may be confidential or privileged. The information is intended 
to be for the use of the individual or entity named above. If you are not the 
intended recipient, please be aware that any disclosure, copying, distribution 
or use of the contents of this information is prohibited. Please notify the
sender  of the delivery error by replying to this message, or notify us by
telephone (877-633-2436, ext. 0), and then delete it from your system.

Received on Thu Feb 16 2006 - 19:47:03 CST

Original text of this message