Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Listener Passwords, who uses them and why?

Re: Listener Passwords, who uses them and why?

From: Maxim Demenko <mdemenko_at_arcor.de>
Date: Tue, 02 Aug 2005 18:44:04 +0200
Message-ID: <42efa3ea$0$11754$9b4e6d93@newsread4.arcor-online.net> 





Dave schrieb:


> As the subject says, just curious how many people out there have

> passwords on their listeners?

> 

> Some external group auditing us for SOX is saying that its a best

> practice but in my 8 years as a DBA i've never seen it.

> 

> I can see if we had problems with listeners going down unexpectedly but

> this has never happened.    Are there security holes that I should be

> aware of that recommend having a password?

> 

> (I'm aware of the iSQLPlus bug in the latest Oracle CPU, but we don't

> use it..)

> 

> tnx.

> 




I've found some months ago this document
http://www.integrigy.com/info/Integrigy_OracleDB_Listener_Security.pdf
( is dated Jan 2004), they state that listener passwords can be easily 
brut forced due to lack of automatic logout facility (haven't tested), 
some older exploits are listed too.


Maybe that helps...



Best regards



Maxim
Received on Tue Aug 02 2005 - 11:44:04 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US