Re: lsnrctl passwords

From: Andrew Kerber <andrew.kerber_at_gmail.com>
Date: Fri, 11 Apr 2008 11:50:40 -0500
Message-ID: <ad3aa4c90804110950l2bf9a7d4mcf94ac62ac7be14@mail.gmail.com>


Yes, they would need access to the network. SOX is as much about accidental lapses in security as it is about intentional lapses.

On Fri, Apr 11, 2008 at 11:22 AM, Elliott, Patrick < patrick.elliott_at_medtronic.com> wrote:

> The solution is to run your listener on 10g and then include the
> parameter ADMIN_RESTRICTIONS_LISTENER = ON in your listener.ora file. This
> restricts all administrative commands in the listener to only users logged
> on locally to the machine.
>
>
> Pat
>
>
> ------------------------------
> *From:* oracle-l-bounce_at_freelists.org [mailto:
> oracle-l-bounce_at_freelists.org] *On Behalf Of *Blanchard William
> *Sent:* Friday, April 11, 2008 11:00 AM
> *To:* oracle-l_at_freelists.org
> *Subject:* RE: lsnrctl passwords
>
> Wouldn't they need access to your network in order to access the
> listener? I know that you can set up a similar entry in a listener.ora and
> remotely access the listener (I did this to prove it) but I was behind the
> firewall. I tried from home but wasn't able to access the listener using the
> same technique.
>
> Another question is that in 9i you can't do a save_config and have to
> enter the password interactively in order to use the listener. So, after a
> cold backup and a server restart, someone would have to manually restart
> every listener.
>
> Has anyone figured out how to script this? We tried but weren't able to
> figure out how to script the password entry so that our startup scripts
> would work with a password protected listener.
>
>
>
> William
>
> ------------------------------
> *From:* Andrew Kerber [mailto:andrew.kerber_at_gmail.com]
> *Sent:* Friday, April 11, 2008 10:44 AM
> *To:* Blanchard William
> *Cc:* oracle-l_at_freelists.org
> *Subject:* Re: lsnrctl passwords
>
> Several things they could do, for one they could turn off logging when you
> need it. They could also turn on logging, fill up the drive that the log
> file is on, and stop your listener, they could shut down the listener so no
> one could connect. All of these could be accidental or on purpose, but a
> password makes it harder to do either way. Also, most Sarbanes-Oxley
> compliance checklists require it.
>
> It is a pain to deal with even so.
>
> On Fri, Apr 11, 2008 at 10:09 AM, Blanchard William <
> William.Blanchard_at_kohler.com> wrote:
>
> > Is anyone out there using lsnrctl passwords? If so, why? I realize
> > that there are vulnerabilities but if they're able to get at the network,
> > why would they waste their time on the listener?
> >
> >
> > William
> >
>
>
>
> --
> Andrew W. Kerber
>
> 'If at first you dont succeed, dont take up skydiving.'

-- 
Andrew W. Kerber

'If at first you dont succeed, dont take up skydiving.'

--
http://www.freelists.org/webpage/oracle-l
Received on Fri Apr 11 2008 - 11:50:40 CDT
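
An added example, not part of the thread: a small audit that reads a listener.ora and reports, for each listener it defines, whether the ADMIN_RESTRICTIONS_<listener name> parameter mentioned above is ON and whether a PASSWORDS_<listener name> entry is present. The sample file, the host name, the second listener LISTENER2 and the password value are constructed for illustration.

```python
import re

# Constructed sample listener.ora; LISTENER2 and the password hash are placeholders.
SAMPLE = """\
# listener.ora
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = dbhost)(PORT = 1521))
    )
  )
ADMIN_RESTRICTIONS_LISTENER = ON
PASSWORDS_LISTENER = 0123456789ABCDEF

LISTENER2 =
  (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = dbhost)(PORT = 1522)))
admin_restrictions_listener2 = off
"""

def parse_params(text):
    """Return {NAME: value} for top-level parameters, following nested parentheses across lines."""
    params, name, depth = {}, None, 0
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments and trailing space
        if not line.strip():
            continue
        # A new parameter can only start when no parenthesis is still open.
        m = re.match(r"\s*([\w.]+)\s*=\s*(.*)$", line) if depth == 0 else None
        if m:
            name, rest = m.group(1).upper(), m.group(2)
            params[name] = rest
        elif name:
            rest = line.strip()
            params[name] += " " + rest
        else:
            continue
        depth += rest.count("(") - rest.count(")")
    return params

def audit(text):
    """Map listener name -> (ADMIN_RESTRICTIONS value or 'MISSING', password entry present)."""
    params = parse_params(text)
    report = {}
    for name, value in params.items():
        if "(ADDRESS" in value.upper().replace(" ", ""):   # entry defines listening endpoints
            setting = params.get("ADMIN_RESTRICTIONS_" + name, "").strip().upper()
            report[name] = (setting or "MISSING", bool(params.get("PASSWORDS_" + name, "").strip()))
    return report

if __name__ == "__main__":
    for listener, (restrict, has_pw) in audit(SAMPLE).items():
        print(f"{listener}: ADMIN_RESTRICTIONS={restrict} password_set={has_pw}")
```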
