Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: restrict remote listener administration

Re: restrict remote listener administration

From: Pete Finnigan <plsql_at_petefinnigan.com>
Date: Sat, 11 Dec 2004 20:43:55 +0000
Message-ID: <ZbqGuiALw1uBRx0D@peterfinnigan.demon.co.uk> 





>Without you I would have changed some production listeners for nothing 

>(living lightly thinking they were "secure").

Hi,



You should still set the ADMIN_RESTRICTIONS_{LISTENER_NAME} parameter as
it prevents listener settings being changed via the listener control
utility. You should also still set a listener password of course. If a
listener parameters can be set remotely (or even from inside an
organisation) then it can be possible to use listener commands to hack
the server it runs on. Remember that there are no password management
features for the listener password so the password can be brute forced
so setting ADMIN_RESTRICTIONS provides a valid extra defence. 



Set both this parameter and the password.



kind regards



Pete

-- 
Pete Finnigan (email:pete_at_petefinnigan.com)
Web site: http://www.petefinnigan.com - Oracle security audit specialists
Oracle security blog: http://www.petefinnigan.com/weblog/entries/index.html
Book:Oracle security step-by-step Guide - see http://store.sans.org for details.


Received on Sat Dec 11 2004 - 14:43:55 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US