Sorry if I wasn't very clear. 1521 is the default Oracle listener port since the deluge. Using that port is an open avenue for any hacker worth his/her salt to run a sniffer in a Linux node to get all Oracle pwds. First thing I do in any site I run is change the port to something else - which is NOT disclosed other than through tnsnames. Uh-huh, not with this mob. 1521 is "the recommended port" and that is what must be used.
REALLY? This mob also wanted the listener to ASK for a password on first connection. Nothing to do with adding a password to start/stop/control the listener. Clearly they read somewhere the listener can "be protected by password". Which in their two-cell brain immediately means: "one must enter a password to access Oracle listener from client w/s, in order for it to be secure".
#facepalm...

--
Cheers
Nuno Souto
dbvision@xxxxxxxxxxxx

On 17/01/2014 4:11 AM, mohammed bhatti wrote:
I'm fairly certain that these guidelines are taken from the DISA STIG. I haven't seen a commercial version of the database STIG but I do recall in the pre-11g DISA STIG the listener required a password to be set. Also, the listener pre-11g had to be started under its own dedicated account and not the account that owns the Oracle software. None of these is now required in the 11g STIG.
-- //www.freelists.org/webpage/oracle-l