Listener Password in Oracle 10g

最新推荐文章于 2021-04-07 23:45:17 发布

cljxxne10978

最新推荐文章于 2021-04-07 23:45:17 发布

阅读量90

点赞数

在Google上搜索“监听安全 oracle”，一堆《实例讲解Oracle监听口令及监听器安全》的文章，都是copy+paste自eygle的这篇《Oracle的监听口令及监听器安全》，eygle的测试环境是本地的10.2.0.3客户端加远程9.2.0.4数据库。

如果服务器端数据库版本在Oracle9i以后，设置监听密码的情况则有一些变化。

在Metalink Note 260986.1中，可以看到：

In Oracle 10, the TNSListener is secure out of the box and there should not be a need to set a listener password as in older versions of the Oracle listener.

Oracle10g以后，设置Listener密码已经不是安全检查的必要条件了，因为默认在10g里面除了启动监听的用户之外，其它用户都无法停止Listener（还有另外一些lsnrctl的命令也同样被禁止了，比如trace, reload等），即使Listener没有设置密码。

在默认情况下，启动Listener或者使用lsnrctl status命令查看监听状态，可以看到：

Security        ON: Password  OR  Local OS Authentication

这表明Listener的安全机制使用了Password方式或者Local OS Authentication方式，在这种状态下，即使是设置了监听密码，对于启动监听的user来说，也仍然是不需要任何密码就可以停止监听的。

如果我们想去除自Oracle10g之后的这种新安全机制，那么需要在listener.ora文件中添加：

LOCAL_OS_AUTHENTICATION_[listener name] = OFF

重新启动Listener之后，将会只看到：

Security           ON: Password

这就又回复到了Oracle9i时的状态，只要有密码存在，无论是谁尝试停止监听都会被要求set password。

D:\Temp>lsnrctl
 
LSNRCTL for 32-bit Windows: Version 11.1.0.7.0 - Production on 20-MAY-2009 11:15:41
 
Copyright (c) 1991, 2008, Oracle.  All rights reserved.
 
Welcome to LSNRCTL, type "help" for information.
 
LSNRCTL> status
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=kamus-laptop)(PORT=1521)))
TNS-01169: The listener has not recognized the password
LSNRCTL> stop
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=kamus-laptop)(PORT=1521)))
TNS-01169: The listener has not recognized the password
LSNRCTL> set password
Password:
The command completed successfully
LSNRCTL> status
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=kamus-laptop)(PORT=1521)))
STATUS of the LISTENER
------------------------
Alias                     LISTENER
Version                   TNSLSNR for 32-bit Windows: Version 11.1.0.7.0 - Production
Start Date                20-MAY-2009 11:14:22
Uptime                    0 days 0 hr. 1 min. 34 sec
Trace Level               off
Security                  ON: Password
SNMP                      OFF
Listener Parameter File   D:\oracle\product\11.1.0\db_1\network\admin\listener.ora
Listener Log File         d:\oracle\diag\tnslsnr\kamus-laptop\listener\alert\log.xml
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=kamus-laptop)(PORT=1521)))
Services Summary...
Service "orcl11g" has 1 instance(s).
  Instance "orcl11g", status READY, has 1 handler(s) for this service...
Service "orcl11g_XPT" has 1 instance(s).
  Instance "orcl11g", status READY, has 1 handler(s) for this service...
The command completed successfully
LSNRCTL> stop
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=kamus-laptop)(PORT=1521)))
The command completed successfully
LSNRCTL>

来自 “ ITPUB博客 ” ，链接：http://blog.itpub.net/53401/viewspace-663554/，如需转载，请注明出处，否则将追究法律责任。

转载于:http://blog.itpub.net/53401/viewspace-663554/