Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Listener Passwords, who uses them and why?

Re: Listener Passwords, who uses them and why?

From: Snewber <snew_at_snewx.com>
Date: Wed, 03 Aug 2005 14:00:42 +1000
Message-ID: <dcpfg8$e17$1@bunyip2.cc.uq.edu.au>


I would highly recommend setting a listener password or risk someone remotely shutting down your listener!

If a remote machine has a listener control untility, the oracle network layer installed and port access to the listener then someone can remotely shutdown your listener I believe!

Try this from a remote machine with a listener installed:

lsnrctl
set current_listener remote.hostname.com status
stop

Then wait for users to start ringing up saying they can no longer connect to database x.

I would try the above stuff myself, but recent firewall changes have locked everything down so tight I have a hard time doing anything.

Dave wrote:
> As the subject says, just curious how many people out there have
> passwords on their listeners?
>
> Some external group auditing us for SOX is saying that its a best
> practice but in my 8 years as a DBA i've never seen it.
>
> I can see if we had problems with listeners going down unexpectedly but
> this has never happened. Are there security holes that I should be
> aware of that recommend having a password?
>
> (I'm aware of the iSQLPlus bug in the latest Oracle CPU, but we don't
> use it..)
>
> tnx.
>
Received on Tue Aug 02 2005 - 23:00:42 CDT

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US