Re: restrict remote listener administration

From: Fabrizio <fabrizio.magni_at_mycontinent.com>
Date: Sat, 11 Dec 2004 19:21:51 GMT
Message-ID: <41BB48CD.3010505@mycontinent.com>

Michel Cadot wrote:

> "Fabrizio" <fabrizio.magni_at_mycontinent.com> a écrit dans le message de
> news:eyGud.498133$35.21254922_at_news4.tin.it...
> 

>>For some of the readers this could be well know but I asked the very
>>same question a couple of months ago without receving a good answer.
>>
>>Even researching the newsgroup archive showed nothing so I'm posting the
>>solution I have found.
>>
>>How to prevente remote administration (and remote shutdown of the listener)?
>>
>>I didn't like to entrust a password: it didn't prevent the remote
>>administration and the reboot scripts had to be changed (errors could
>>still be made from machine to machine or during/after a migration).
>>
>>Today I've found a listener parameter:
>>
>>ADMIN_RESTRICTIONS_[listener_name]=ON
>>
>>I hope this could be of help for others.
>>
>>PS: young, point 16 of Oracle Idiosyncrasies needs to be updated. ;)
>>
>>--
>>Fabrizio Magni
>>
>>fabrizio.magni_at_mycontinent.com
>>
>>replace mycontinent with europe

> 
> 
> admin_restrictions parameter does not prevent from remote shutdown.
> It just prevents from modifying the listener.ora file with listener set command.
> 
> Regards
> Michel Cadot
> 
> 
> 

Thank you Michel.
You are correct.

Shame on me: I made my tests on a 10g where remote administration is not allowed by default.

On an old fashioned 9i I was able to stop the listener.

Without you I would have changed some production listeners for nothing (living lightly thinking they were "secure").

Thanks

-- 
Fabrizio Magni

fabrizio.magni_at_mycontinent.com

replace mycontinent with europe

Received on Sat Dec 11 2004 - 13:21:51 CST