| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.server -> Re: Listener Passwords, who uses them and why?
Dave wrote:
> As the subject says, just curious how many people out there have
> passwords on their listeners?
>
> Some external group auditing us for SOX is saying that its a best
> practice but in my 8 years as a DBA i've never seen it.
>
> I can see if we had problems with listeners going down unexpectedly but
> this has never happened. Are there security holes that I should be
> aware of that recommend having a password?
>
> (I'm aware of the iSQLPlus bug in the latest Oracle CPU, but we don't
> use it..)
>
> tnx.
Always. But then I always have tcp.validnode_checking=yes in my SQLNET.ORA and likely you've never seen that either. Oracle has very robust security options that are not often implemented due to ignorance, lazyiness, or a sense that what happens elsewhere will never happen on "my" watch.
They should also be insisting on an AFTER LOGON trigger: Are they?
-- Daniel A. Morgan http://www.psoug.org damorgan_at_x.washington.edu (replace x with u to respond)Received on Tue Aug 02 2005 - 10:30:13 CDT
 |
 |