Strengthening the Oracle 10g Listener Security Mechanism
Applies to:
Oracle Net Services
Information in this document applies to any platform.
Checked for relevance on 8-OCT-2009.
Goal
How to set a password for 10g and newer listeners leaving the default OS authentication mechanism in place.
In Oracle 10g and newer versions of the listener, the listener is secure out of the box. There should be no need to set a listener password to prohibit privileged LSNRCTL commands from being executed.
Beginning with version 10g, the listener uses local OS authentication. As long as privileged LSNRCTL commands (stop, status, etc.) are run as the same user who started the listener, that user can fully administer the running listener without providing a password.
This security feature is enabled by default and can be identified at listener
startup, or when issuing a LSNRCTL STATUS command, by the following output:
Security ON: Local OS Authentication
If the TNSListener is started as the "oracle" user and the user "sales" attempts
to administer the listener, or if "oracle" on a different node attempts to
administer the listener, the following error will be returned:
TNS-01190: The user is not authorized to execute the requested listener command
The following commands are all privileged:
SAVE_CONFIG, STOP, TRACE, SPAWN, RELOAD,
SET {LOG_FILE, LOG_STATUS, INBOUND_CONNECT_TIMEOUT, SAVE_CONFIG_STOP_ON,
TRC_FILE, TRC_LEVEL, LOG_DIRECTORY, STARTUP_WAITTIME}
SHOW {RULES, TRC_DIRECTORY, LOG_FILE, LOG_STATUS, INBOUND_CONNECT_TIMEOUT,
SNMP_VISIBLE, TRC_FILE, TRC_LEVEL, LOG_DIRECTORY, STARTUP_WAITTIME,
SAVE_CONFIG_STOP_ON}
Solution
A secondary user is able to administer the listener if a listener password is
set and the secondary user knows the password. In this example, "oracle" will
set an encrypted password for the listener and the user "sales" will stop the
listener.
As the "oracle" user, set and encrypt the listener password:
1) LSNRCTL> set current_listener
2) LSNRCTL> change_password
Old password:
New password: 10glistener (text is not echoed)
Reenter new password: 10glistener (text is not echoed)
3) LSNRCTL> save_config
4) LSNRCTL> status
STATUS output will now show:
Security ON: Password or Local OS Authentication
As the "sales" user, enter the password to administer the listener:
1) LSNRCTL> set password
Password: 10glistener (text is not echoed)
2) LSNRCTL> stop
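
An added example (not part of the original note): a shell check that reads LSNRCTL STATUS output and reports which of the two Security lines shown above is in effect, so that a password set on a listener expected to use only local OS authentication is noticed. The function names, mode labels and sample status text are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify listener authentication from "lsnrctl status" output.
# Function names, mode labels and sample text are assumptions made for this example.

# Constructed sample status excerpts (not captured from a real listener).
SAMPLE_DEFAULT='Alias                     LISTENER
Security                  ON: Local OS Authentication
SNMP                      OFF'
SAMPLE_PASSWORD='Alias                     LISTENER
Security                  ON: Password or Local OS Authentication
SNMP                      OFF'

# Reads status output on stdin and prints one of:
#   os_only         only the user who started the listener can administer it
#   password_or_os  other users who know the listener password can as well
#   unknown         no recognised Security line; review by hand
listener_auth_mode() {
    # First line beginning with "Security": drop the label and surrounding blanks.
    sec=$(sed -n 's/^[[:space:]]*Security[[:space:]]*//p' | sed -n '1s/[[:space:]]*$//p')
    case "$sec" in
        "ON: Local OS Authentication")             echo os_only ;;
        "ON: Password or Local OS Authentication") echo password_or_os ;;
        *)                                         echo unknown ;;
    esac
}

# Compares the observed mode with the mode the site expects, passed as $1.
# Returns 0 on match, 1 on drift, 2 when the Security line could not be read.
check_listener_auth() {
    expected=$1
    observed=$(listener_auth_mode)
    if [ "$observed" = unknown ]; then
        echo "REVIEW: no recognised Security line"
        return 2
    fi
    if [ "$observed" = "$expected" ]; then
        echo "OK: $observed"
        return 0
    fi
    echo "DRIFT: expected $expected, observed $observed"
    return 1
}

# Demo on the constructed sample; on a live host: lsnrctl status | check_listener_auth os_only
printf '%s\n' "$SAMPLE_PASSWORD" | check_listener_auth os_only || true
```

Run as a user who is not authorized, the status command returns the TNS-01190 error instead of a Security line, and the check reports REVIEW rather than guessing.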
Source: "ITPUB Blog", link: http://blog.itpub.net/7199859/viewspace-671738/. If you reproduce this article, please credit the source; otherwise legal liability will be pursued.