Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Listener Passwords, who uses them and why?

Re: Listener Passwords, who uses them and why?

From: DA Morgan <damorgan_at_psoug.org>
Date: Tue, 02 Aug 2005 08:30:13 -0700
Message-ID: <1122996599.414016@yasure>


Dave wrote:
> As the subject says, just curious how many people out there have
> passwords on their listeners?
>
> Some external group auditing us for SOX is saying that its a best
> practice but in my 8 years as a DBA i've never seen it.
>
> I can see if we had problems with listeners going down unexpectedly but
> this has never happened. Are there security holes that I should be
> aware of that recommend having a password?
>
> (I'm aware of the iSQLPlus bug in the latest Oracle CPU, but we don't
> use it..)
>
> tnx.

Always. But then I always have tcp.validnode_checking=yes in my SQLNET.ORA and likely you've never seen that either. Oracle has very robust security options that are not often implemented due to ignorance, lazyiness, or a sense that what happens elsewhere will never happen on "my" watch.

They should also be insisting on an AFTER LOGON trigger: Are they?

-- 
Daniel A. Morgan
http://www.psoug.org
damorgan_at_x.washington.edu
(replace x with u to respond)
Received on Tue Aug 02 2005 - 10:30:13 CDT

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US