Re: Listener Vulnerabilities - how to address them
Date: Thu, 10 Apr 2008 17:24:23 +1200
2008/4/10 Tony Sequeira <tony_at_sequeira.org.uk>: [snip]
> Good point, but I believe the recommendation is that the password should
> be encrypted in listener.ora file.
yes but curiously, the hashed password in the listener.ora also needs to be protected. Otherwise the hash can be read, without cracking it, to admin the listener - this is the way my wrapper script works in 8-9i !!
setting the listener.ora to be 600 privs and oracle owned works ... except where you have Oracle Apps and the listener is started by applmgr (or similar).
We have this rolled out to all our pre-10g environments (hundreds) - took ages :P