Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: restrict remote listener administration

Re: restrict remote listener administration

From: Fabrizio <fabrizio.magni_at_mycontinent.com>
Date: Sat, 11 Dec 2004 21:36:39 GMT
Message-ID: <41BB6866.6030603@mycontinent.com> 





Pete Finnigan wrote:

>>Without you I would have changed some production listeners for nothing 
>>(living lightly thinking they were "secure").




> 

> Hi,

> 

> You should still set the ADMIN_RESTRICTIONS_{LISTENER_NAME} parameter as

> it prevents listener settings being changed via the listener control

> utility. You should also still set a listener password of course. If a

> listener parameters can be set remotely (or even from inside an

> organisation) then it can be possible to use listener commands to hack

> the server it runs on. Remember that there are no password management

> features for the listener password so the password can be brute forced

> so setting ADMIN_RESTRICTIONS provides a valid extra defence. 

> 

> Set both this parameter and the password.

> 

> kind regards

> 

> Pete




Actually I read some of your papers on securityfocus this week.



I'm not sure if I'm going to implement password restrictions for my 
listeners.


But it is possible I'll give ADMIN_RESTRICTIONS a try.



Still I'd prefer an administration similar to 10g where OS 
authentication matter.



Regards


-- 
Fabrizio Magni

fabrizio.magni_at_mycontinent.com

replace mycontinent with europe


Received on Sat Dec 11 2004 - 15:36:39 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US