Re: Listener Vulnerabilities - how to address them

From: ~Jeff~ <>
Date: Thu, 10 Apr 2008 17:24:23 +1200
Message-ID: <>

2008/4/10 Tony Sequeira <>: [snip]
> Good point, but I believe the recommendation is that the password should
> be encrypted in listener.ora file.

yes but curiously, the hashed password in the listener.ora also needs to be protected. Otherwise the hash can be read, without cracking it, to admin the listener - this is the way my wrapper script works in 8-9i !!

setting the listener.ora to be 600 privs and oracle owned works ... except where you have Oracle Apps and the listener is started by applmgr (or similar).

We have this rolled out to all our pre-10g environments (hundreds) - took ages :P


Received on Thu Apr 10 2008 - 00:24:23 CDT

Original text of this message