Re: Listener Passwords, who uses them and why?

I would highly recommend setting a listener password or risk someone remotely shutting down your listener!

If a remote machine has a listener control untility, the oracle network layer installed and port access to the listener then someone can remotely shutdown your listener I believe!

Try this from a remote machine with a listener installed:

lsnrctl
set current_listener remote.hostname.com status
stop

Then wait for users to start ringing up saying they can no longer connect to database x.

I would try the above stuff myself, but recent firewall changes have locked everything down so tight I have a hard time doing anything.

Dave wrote:
> As the subject says, just curious how many people out there have
> passwords on their listeners?
>
> Some external group auditing us for SOX is saying that its a best
> practice but in my 8 years as a DBA i've never seen it.
>
> I can see if we had problems with listeners going down unexpectedly but
> this has never happened. Are there security holes that I should be
> aware of that recommend having a password?
>
> (I'm aware of the iSQLPlus bug in the latest Oracle CPU, but we don't
> use it..)
>
> tnx.
>
Received on Tue Aug 02 2005 - 23:00:42 CDT