Oracle 10g: Strengthening the Listener Security Mechanism
Applies to:
Oracle Net Services
Information in this document applies to any platform.
Checked for relevance on 8-OCT-2009.
Goal
How to set a password for 10g and newer listeners while leaving the default OS authentication mechanism in place.
In Oracle 10g and newer versions of the listener, the listener is secure out of the box. There should be no need to set a listener password to prohibit privileged LSNRCTL commands from being executed.
Beginning with version 10g, the listener uses local OS authentication. As long as one runs privileged LSNRCTL commands (stop, status, etc.) as the same user who started the listener, that user will be able to fully administer the running listener without providing a password.
This security feature is enabled by default and can be identified at listener
startup, or when issuing a LSNRCTL STATUS command, by the following output:
Security ON: Local OS Authentication
If the TNSListener is started as the "oracle" user and the user "sales" attempts
to administer the listener, or if "oracle" on a different node attempts to
administer the listener, the following error will be returned:
TNS-01190: The user is not authorized to execute the requested listener command
The following commands are all privileged:
SAVE_CONFIG, STOP, TRACE, SPAWN, RELOAD,
SET {LOG_FILE, LOG_STATUS, INBOUND_CONNECT_TIMEOUT, SAVE_CONFIG_STOP_ON,
TRC_FILE, TRC_LEVEL, LOG_DIRECTORY, STARTUP_WAITTIME}
SHOW {RULES, TRC_DIRECTORY, LOG_FILE, LOG_STATUS, INBOUND_CONNECT_TIMEOUT,
SNMP_VISIBLE, TRC_FILE, TRC_LEVEL, LOG_DIRECTORY, STARTUP_WAITTIME,
SAVE_CONFIG_STOP_ON}
Solution
A secondary user is able to administer the listener if a listener password is
set and the secondary user knows the password. In this example, "oracle" will
set an encrypted password for the listener and the user "sales" will stop the
listener.
As the "oracle" user, set and encrypt the listener password:
1) LSNRCTL> set current_listener
2) LSNRCTL> change_password
Old password:
New password: 10glistener (text is not echoed)
Reenter new password: 10glistener (text is not echoed)
3) LSNRCTL> save_config
4) LSNRCTL> status
STATUS output will now show:
Security ON: Password or Local OS Authentication
As the "sales" user, enter the password to administer the listener:
1) LSNRCTL> set password
Password: 10glistener (text is not echoed)
2) LSNRCTL> stop
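
A check an administrator could run after the procedure above (an added example, not part of the original note): it reads `lsnrctl status` output on stdin and reports which of the two Security modes quoted on this page is active. The function names and the sample output, including its column padding, are constructed for illustration.

```shell
#!/bin/sh
# Classify the "Security" line of `lsnrctl status` output read from stdin.
# Prints: os-auth | password-or-os-auth | other | missing
listener_security_mode() {
    awk '
        $1 == "Security" {
            found = 1
            $1 = ""               # rebuilding $0 collapses column padding to single spaces
            mode = substr($0, 2)  # drop the separator left by the emptied first field
            if (mode == "ON: Local OS Authentication")                  print "os-auth"
            else if (mode == "ON: Password or Local OS Authentication") print "password-or-os-auth"
            else                                                         print "other"
            exit
        }
        END { if (!found) print "missing" }
    '
}

# Return 0 only when the listener is in the default OS-authentication-only mode.
audit_listener() {
    mode=$(listener_security_mode)
    case "$mode" in
        os-auth)
            echo "OK: only the OS user that started the listener can administer it"
            return 0 ;;
        password-or-os-auth)
            echo "REVIEW: a listener password is set; any user who knows it can run privileged commands"
            return 1 ;;
        *)
            echo "REVIEW: unexpected or missing Security line ($mode)"
            return 2 ;;
    esac
}

# Constructed samples standing in for real `lsnrctl status` output.
SAMPLE_DEFAULT='Alias                     LISTENER
Security                  ON: Local OS Authentication
SNMP                      OFF'
SAMPLE_PASSWORD='Alias                     LISTENER
Security                  ON: Password or Local OS Authentication
SNMP                      OFF'

# Live use would be: lsnrctl status | audit_listener
printf '%s\n' "$SAMPLE_DEFAULT"  | audit_listener || true
printf '%s\n' "$SAMPLE_PASSWORD" | audit_listener || true
```
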
From the "ITPUB Blog", link: http://blog.itpub.net/7199859/viewspace-671738/. If you repost this, please credit the source; otherwise legal liability will be pursued.