RE: lsnrctl passwords

The solution is to run your listener on 10g and then include the parameter 
ADMIN_RESTRICTIONS_LISTENER = ON In your listener.ora file. This restricts all 
administrative commands in the listener to only users logged on locally to the 
machine.



Pat



________________________________
From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On 
Behalf Of Blanchard William
Sent: Friday, April 11, 2008 11:00 AM
To: oracle-l@xxxxxxxxxxxxx
Subject: RE: lsnrctl passwords


Wouldn't they need access to your network in order to access the listener? I 
know that you can set up a similar entry in a listener.ora and remotely access 
the listener (I did this to prove it) but I was behind the firewall. I tried 
from home but wasn't able to access the listener using the same technique.

Another question is that in 9i you can't do a save_config and have to enter the 
password interactively in order to use the listener. So, after a cold backup 
and a server restart, someone would have to manually restart every listener.

Has anyone figured out how to script this? We tried but weren't able to figure 
out how to script the password entry so that our startup scripts would work 
with a password protected listener.



William

________________________________
From: Andrew Kerber [mailto:andrew.kerber@xxxxxxxxx]
Sent: Friday, April 11, 2008 10:44 AM
To: Blanchard William
Cc: oracle-l@xxxxxxxxxxxxx
Subject: Re: lsnrctl passwords

Several things they could do, for one they could turn off logging when you need 
it.  They could also turn on logging, fille up the drive that the log file is 
on, and stop your listener, they could shut down the listener so no one could 
connect.  ALl of these could be accidental or on purpose, but a password makes 
it harder to do either way.  Also, most Sarbanes-Oxley compliance checklists 
require it.

It is a pain to deal with even so.

On Fri, Apr 11, 2008 at 10:09 AM, Blanchard William 
<William.Blanchard@xxxxxxxxxx<mailto:William.Blanchard@xxxxxxxxxx>> wrote:
Is anyone out there using lsnrctl passwords?  If so, why?  I realize that there 
are vulnerabilities but if they're able to get at the network, why would they 
waste their time on the listner?


William



--
Andrew W. Kerber

'If at first you dont succeed, dont take up skydiving.'

[CONFIDENTIALITY AND PRIVACY NOTICE]

Information transmitted by this email is proprietary to Medtronic and is 
intended for use only by the individual or entity to which it is addressed, and 
may contain information that is private, privileged, confidential or exempt 
from disclosure under applicable law. If you are not the intended recipient or 
it appears that this mail has been forwarded to you without proper authority, 
you are notified that any use or dissemination of this information in any 
manner is strictly prohibited. In such cases, please delete this mail from your 
records.
 
To view this notice in other languages you can either select the following link 
or manually copy and paste the link into the address bar of a web browser: 
http://emaildisclaimer.medtronic.com

Other related posts: