Oracle Net Listener Parameters

定位listener.ora:

By default, the listener.ora file is located in the ORACLE_HOME/network/admin directory. The listener.ora file can also be stored the following locations:

  1. The directory specified by the TNS_ADMIN environment variable or registry value.
  2. On Linux and UNIX operating systems, it is the global configuration directory. For example, on the Oracle Solaris operating system, the directory is /var/opt/oracle.

It is often useful to configure multiple listeners in one listener.ora file. However, Oracle recommends running only one listener for each node in most customer environments.

Protocol Address Parameters

listener_name=

 (DESCRIPTION=

  (ADDRESS_LIST=

   (ADDRESS=(PROTOCOL=tcp)(HOST=hr-server)(PORT=1521))

   (ADDRESS=(PROTOCOL=tcp)(HOST=sales-server)(PORT=1521))))

  1. IP

IP参数只用于HOST指定了一个hostname而非IP地址,表示使用hostname对应哪个IP.

To determine which IP address the listener listens on when a host name is specified.

This parameter is only applicable when the HOST parameter specifies a host name.

Values

First: Listen on the first IP address returned by the DNS resolution of the host name. If the user wants the listener to listen on the first IP to which the specified host name resolves, then the address must be qualified with (IP=first).

v4_only: Listen only on IPv4 addresses.

v6_only: Listen only on IPv6 addresses.

This feature is disabled by default.

关于监听IP:

  1. 如果配置HOST值为IP,则在此IP上监听,如果设置为0.0.0.0则监听主机所有IP地址
  2. 如果配置HOST值为域名,则按DNS获取的IP顺序在第一个成功连通的IP上监听(无论是否设置IP=FIRST),如果此IP与主机名(hostname)解析的IP一样,则监听主机所有IP地址,但如果此时设置监听IP=FIRST属性,则还是只监听DNS解析的第一个成功连通的IP

For a given host name, Oracle Net attempts to connect to all IP addresses returned by Domain Name System (DNS) name resolution until a successful connection is established or all addresses have been attempted.

Example

listener_name=

 (DESCRIPTION=

  (ADDRESS=(PROTOCOL=tcp)(HOST=rancode1-vip)(PORT=1522)(IP=v6_only))

  1. QUEUESIZE

限制并发连接数,即请求队列长度,如限制并发还是用下面的rate_limit,即每秒处理数量

To specify the number of concurrent connection requests that the listener can accept on a TCP/IP or IPC listening endpoint (protocol address).

The number of concurrent connection requests is dependent on the platform and listener usage scenarios. If the listener is heavily-loaded, then set the parameter to a higher number.

Put this parameter at the end of the protocol address with its value set to the expected number of concurrent connection requests.

The default number of concurrent connection requests is operating system specific.

Example

listener_name=

 (DESCRIPTION=

  (ADDRESS=(PROTOCOL=tcp)(HOST=hr-server)(PORT=1521)(QUEUESIZE=20)))

  1. RECV_BUF_SIZE

To specify, in bytes, the buffer space for receive operations of sessions.

Put this parameter under the DESCRIPTION parameter or at the end of the protocol address with its value set to the expected number of bytes.

This parameter is supported by the TCP/IP, TCP/IP with SSL, and SDP protocols.

The default value for this parameter is operating system specific. The default for the Linux operating system is 87380 bytes.

Example

listener_name=

  (DESCRIPTION=

    (ADDRESS_LIST=

      (ADDRESS=(PROTOCOL=tcp)(HOST=sales-server)(PORT=1521)

        (RECV_BUF_SIZE=11784))

      (ADDRESS=(PROTOCOL=ipc)(KEY=extproc)

        (RECV_BUF_SIZE=11784))))listener_name=

  (DESCRIPTION=

    (ADDRESS_LIST=

      (RECV_BUF_SIZE=11784))

      (ADDRESS=(PROTOCOL=tcp)(HOST=sales-server)(PORT=1521)

      (ADDRESS=(PROTOCOL=ipc)(KEY=extproc))))

  1. SEND_BUF_SIZE

To specify, in bytes, the buffer space for send operations of sessions.

Put this parameter under the DESCRIPTION parameter or at the end of the protocol address.

This parameter is supported by the TCP/IP, TCP/IP with SSL, and SDP protocols.

The default value for this parameter is operating system specific. The default for the Linux operating system is 16 KB.

Example

listener_name=

  (DESCRIPTION=

    (ADDRESS_LIST=

      (ADDRESS=(PROTOCOL=tcp)(HOST=sales-server)(PORT=1521)

       (SEND_BUF_SIZE=11280))

      (ADDRESS=(PROTOCOL=ipc)(KEY=extproc)

       (SEND_BUF_SIZE=11280))))

listener_name=

  (DESCRIPTION=

    (SEND_BUF_SIZE=11280)

    (ADDRESS_LIST=

      (ADDRESS=(PROTOCOL=tcp)(HOST=sales-server)(PORT=1521)

      (ADDRESS=(PROTOCOL=ipc)(KEY=extproc))))

Connection Rate Limiter Parameters

The connection rate limiter feature in Oracle Net Listener enables a database administrator to limit the number of new connections handled by the listener. When this feature is enabled, Oracle Net Listener imposes a user-specified maximum limit on the number of new connections handled by the listener every second.

Depending on the configuration, the rate can be applied to a collection of endpoints, or to a specific endpoint.

  1. CONNECTION_RATE_listener name

全局设置对应监听名每秒处理连接数,需要在终端设置rate_limit才会生效

To specify a global rate that is enforced across all listening endpoints that are rate-limited.

When this parameter is specified, it overrides any endpoint-level numeric rate values that might be specified.

Syntax

CONNECTION_RATE_listener_name=number_of_connections_per_second

  1. RATE_LIMIT

用于局部设置某终端每秒处理连接数

如果同时使用connection_rate_listenername=n与rate_limit=yes则限制为每秒n个连接

如果同时使用connection_rate_listenername=n与rate_limit=m则限制为每秒n个连接

如果使用connection_rate_listenername=n未使用rate_limit则不限制

如果未使用connection_rate_listenername使用了rate_limit=n则限制为每秒n个连接

The parameter is specified in the ADDRESS section of the listener endpoint configuration.

LISTENER=

   (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521)(RATE_LIMIT=yes))

  1. When the RATE_LIMIT parameter is set to yes for an endpoint, that endpoint is included in the enforcement of the global rate configured by the CONNECTION_RATE_listener_name parameter.
  2. The global rate limit is enforced individually at each endpoint that has RATE_LIMIT set to yes.

Dynamic endpoints for listeners managed by Oracle Clusterware have the RATE_LIMIT parameter set to yes.

  1. When the RATE_LIMIT parameter is set to a value greater than 0, then the rate limit is enforced at that endpoint level.

The following examples use the CONNECTION_RATE_listener name and RATE_LIMIT parameters.

CONNECTION_RATE_LISTENER=10

LISTENER=

  (ADDRESS_LIST=

   (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521)(RATE_LIMIT=yes))

   (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1522)(RATE_LIMIT=yes))

   (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1523)))

In the preceding example, the global rate of new connections is enforced separately for each endpoint. Connections through port 1521 are limited at 10 every second, and the connections through port 1522 are also separately limited at 10 every second. Connections through port 1523 are not limited.

Example 2

LISTENER= (ADDRESS_LIST=

   (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521)(RATE_LIMIT=5))

   (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1522)(RATE_LIMIT=10))

   (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1523))

   )

In the preceding example, the connection rates are enforced at the endpoint level. A maximum of 5 connections are processed through port 1521 every second. The limit for connections through port 1522 is 10 every second. Connections through port 1523 are not limited.

The global CONNECTON_RATE_listener_name parameter is not specified in the preceding configuration. If it is specified, then the limits on ports 1521 and 1522 are ignored, and the global value is used instead.

Control Parameters

1. ADMIN_RESTRICTIONS_listener_name

即是否开启online配置,如果关闭只能改配置文件后重启监听来修改配置

To restrict runtime administration of the listener.

Setting ADMIN_RESTRICTIONS_listener_name=on disables the runtime modification of parameters in listener.ora. That is, the listener refuses to accept SET commands that alter its parameters.

To change any of the parameters in listener.ora, including ADMIN_RESTRICTIONS_listener_name itself, modify the listener.ora file manually and reload its parameters using the RELOAD command for the new changes to take effect without explicitly stopping and restarting the listener.

Default off

ADMIN_RESTRICTIONS_listener=on

2. ALLOW_MULTIPLE_REDIRECTS_listener_name

To support multiple redirects of the client.

This parameter should only be set on the SCAN listener on the Oracle Public Cloud. When set to on, multiple redirects of the client are allowed.

Do not set this parameter for a node listener if that is used as a SCAN listener.

Default off

ALLOW_MULTIPLE_REDIRECTS_listener=on

  1. ENABLE_EXADIRECT_listener_name

To enable Exadirect protocol. The parameter enables Exadirect support.

Default: Off

ENABLE_EXADIRECT_listener=on

  1. CRS_NOTIFICATION_listener_name

By default, the Oracle Net listener notifies Cluster Ready Services (CRS) when it is started or stopped. These notifications allow CRS to manage the listener in an Oracle Real Application Clusters environment. This behavior can be prevented by setting the CRS_NOTIFICATION_listener_nameparameter to off.

Default: on

  1. DEDICATED_THROUGH_BROKER_listener_name

To enable the server to spawn a thread or process when a connection to the database is requested through the listener.

Default: off

DEDICATED_THROUGH_BROKER_listener=on

  1. DEFAULT_SERVICE_listener_name

To enable users to connect to the database without having to specify a service name from the client side.

In Oracle Database 12c, when a client tries to connect to the database the connection request passes through the listener. The listener may be servicing several different databases. If a service name is configured in this parameter, then users may not necessarily need to specify a service name in the connect syntax. If a user specifies a service name, then the listener connects the user to that specific database, otherwise the listener connects to the service name specified by the DEFAULT_SERVICE_listener_name parameter. For container databases, the client must explicitly specify the service name.

There is no default value for the DEFAULT_SERVICE_listener_name parameter. If this parameter is not configured and a user does not specify a fully-qualified service name in the connect syntax, then the connection attempt fails. This parameter only accepts one value.

DEFAULT_SERVICE_listener=sales.us.example.com

  1. INBOUND_CONNECT_TIMEOUT_listener_name

To specify the time, in seconds, for the client to complete its connect request to the listener after the network connection had been established.

If the listener does not receive the client request in the time specified, then it terminates the connection. In addition, the listener logs the IP address of the client and an ORA-12525:TNS: listener has not received client's request in time allowed error message to the listener.log file.

To protect both the listener and the database server, Oracle recommends setting this parameter in combination with the SQLNET.INBOUND_CONNECT_TIMEOUT parameter in the sqlnet.ora file. When specifying values for these parameters, consider the following recommendations:

  1. Set both parameters to an initial low value.
  2. Set the value of the INBOUND_CONNECT_TIMEOUT_listener_name parameter to a lower value than the SQLNET.INBOUND_CONNECT_TIMEOUT parameter.

Default: 60 seconds

INBOUND_CONNECT_TIMEOUT_listener=2

  1. LOCAL_REGISTRATION_ADDRESS_listener_name

To secure registration requests through dedicated secure registration endpoints for local listeners. Service ACLs are accepted by listener only if LOCAL_REGISTRATION_ADDRESS_lsnr alias is configured. The parameter specifies the group that is allowed to send ACLs.

The local registration endpoint accepts local registration connections from the specified group. All local registration requests coming on normal listening endpoints are redirected to the local registration endpoint. If the registrar is not a part of the group, then it cannot connect to the endpoint.

Default: OFF

Values: ON, OFF, or IPC endpoint address with group

When set to ON, listener defaults the group to oinstall on UNIX and ORA_INSTALL on Windows.

LOCAL_REGISTRATION_ADDRESS_lsnr_alias = (address=(protocol=ipc)(group=xyz))

LOCAL_REGISTRATION_ADDRESS_lsnr_alias =ON

  1. MAX_ALL_CONNECTIONS_listener_name

包含来自数据库的注册连接与来自客户端的连接请求

To specify the maximum number of concurrent registration and client connection sessions that can be supported by Oracle Net Listener.

This number includes registration connections from databases, and ongoing client connection establishment requests. After a connection is established, the clients do not maintain a connection to the listener. This limit only applies to client connections that are in the initial connection establishment phase from a listener perspective.

Default: Operating system-specific

MAX_ALL_CONNECTIONS_listener=40

  1. MAX_REG_CONNECTIONS_listener_name

应该是数据库注册最大并发

To specify the maximum number of concurrent registration connection sessions that can be supported by Oracle Net Listener.

Default:512

MAX_REG_CONNECTIONS_listener=20

  1. REGISTRATION_EXCLUDED_NODES_listener_name

To specify the list of nodes that cannot register with the listener.

The list can include host names or CIDR notation for IPv4 and IPv6 addresses. The wildcard format (*) is supported for IPv4 addresses. The presence of a host name in the list results in the inclusion of all IP addresses mapped to the host name. The host name should be consistent with the public network interface.

If the REGISTRATION_INVITED_NODES_listener_name parameter and the REGISTRATION_EXCLUDED_NODES_listener_name parameter are set, then the REGISTRATION_EXCLUDED_NODES_listener_name parameter is ignored.

REGISTRATION_EXCLUDED_NODES_listener = (10.1.26.*, 10.16.40.0/24, \

                                       2001:DB8:3eff:fe38, node2)

  1. REGISTRATION_INVITED_NODES_listener_name

To specify the list of node that can register with the listener.

REGISTRATION_INVITED_NODES_listener = (10.1.35.*, 10.1.34.0/24, \

                                      2001:DB8:fe38:7303, node1)

  1. REMOTE_REGISTRATION_ADDRESS_listener_name

To secure registration requests through dedicated secure registration endpoints for SCAN listeners.

The registration endpoint is on a private network within the cluster. All remote registration requests coming in on normal listening endpoints are redirected to the registration endpoint. Any system which is not a part of the cluster cannot connect to the endpoint. This feature is not supported when ADMIN_RESTRICTIONS_listener_name is set to ON as the Cluster Ready Services agent configures the remote_registration_addressdynamically at run time.

This parameter is configured internally in the SCAN listener to restrict registrations to the private network. The value of this parameter should not be modified or specified explicitly. The only supported explicit setting is for turning this feature off by setting the value to OFF. The value is OFF in non-SCAN listeners.

Values:off

REMOTE_REGISTRATION_ADDRESS_listener=off

  1. SAVE_CONFIG_ON_STOP_listener_name

To specify whether runtime configuration changes are saved to the listener.ora file.

When you set the parameter to true, any parameters that were modified while the listener was running using the Listener Control utility SET command are saved to the listener.ora file when the STOP command is issued. When you set the parameter to false, the Listener Control utility does not save the runtime configuration changes to the listener.ora file.

Default: false

SAVE_CONFIG_ON_STOP_listener=true

  1. SSL_CLIENT_AUTHENTICATION

To specify whether a client is authenticated using the Secure Sockets Layer (SSL).

The database server authenticates the client. Therefore, this value should be set to false. If this parameter is set to true, then the listener attempts to authenticate the client, which can result in a failure. Default:true

SSL_CLIENT_AUTHENTICATION=false

  1. SSL_VERSION

To limit allowable SSL or TLS versions used for connections.

Clients and database servers must use a compatible version. This parameter should only be used when absolutely necessary for backward compatibility. The current default uses TLS version 1.2 which is the version required for multiple security compliance requirements.

Default:1.2

Values:undetermined | 3.0 | 1.0| 1.1 | 1.2

If you want to specify one version or another version, then use “or”. The following values are permitted:

1.0 or 3.0 | 1.2 or 3.0 | 1.1 or 1.0 | 1.2 or 1.0 | 1.2 or 1.1 | 1.1 or 1.0 or 3.0 |

1.2 or 1.0 or 3.0 | 1.2 or 1.1 or 1.0 | 1.2 or 1.1 or 3.0 |1.2 or 1.1 or 1.0 or 3.0

The remaining version numbers correspond to the TLS versions, such as, TLSv1.0, TLSv1.1, and TLSv1.2.

  1. SUBSCRIBE_FOR_NODE_DOWN_EVENT_listener_name

To subscribe to Oracle Notification Service (ONS) notifications for downed events.

By default, the listener subscribes to the ONS node down event on startup, if ONS is available. This subscription enables the listener to remove the affected service when it receives node down event notification from ONS. The listener uses asynchronous subscription for the event notification. Alter this behavior by setting SUBSCRIBE_FOR_NODE_DOWN_EVENT_listener_name=off in listener.ora.

Default:on

  1. USE_SID_AS_SERVICE_listener_name

To enable the system identifier (SID) in the connect descriptor to be interpreted as a service name when a user attempts a database connection.

Database clients with earlier releases of Oracle Database that have hard-coded connect descriptors can use this parameter to connect to a container or pluggable database.

When the database is an Oracle Database 12c container database, the client must specify a service name in order to connect to it. Setting this parameter to on instructs the listener to use the SID in the connect descriptor as a service name and connect the client to the specified database. Default:off

  1. VALID_NODE_CHECKING_REGISTRATION_listener_name

To determine whether valid node checking registration is performed, or the subnet is allowed.

When set to on, valid node checking registration is performed at the listener for any incoming registration request, and only local IP addresses are allowed.

Default:on

Values

off | 0 to specify valid node checking registration is off, and no checking is performed.

on | 1 | local to specify valid node checking registration is on, and all local IP addresses can register. If a list of invited nodes is set, then all IP addresses, host names, or subnets in the list as well as local IP addresses are allowed.

subnet | 2 to specify valid node checking registration is on, and all machines in the local subnets are allowed to register. If a list of invited nodes is set, then all nodes in the local subnets as well as all IP addresses, host names and subnets in the list are allowed.

Example

VALID_NODE_CHECKING_REGISTRATION_listener=on

  1. WALLET_LOCATION

To specify the location of wallets.

Wallets are certificates, keys, and trustpoints processed by SSL that allow for secure connections.

The key/value pair for Microsoft certificate store (MCS) omits the METHOD_DATA parameter because MCS does not use wallets. Instead, Oracle PKI (public key infrastructure) applications obtain certificates, trustpoints and private keys directly from the user's profile.

If an Oracle wallet is stored in the Microsoft Windows registry and the wallet's key (KEY) is SALESAPP, then the storage location of the encrypted wallet is HKEY_CURRENT_USER\SOFTWARE\ORACLE\WALLETS\SALESAPP\EWALLET.P12. The storage location of the decrypted wallet is HKEY_CURRENT_USER\SOFTWARE\ORACLE\WALLETS\SALESAPP\CWALLET.SSO.

Additional Parameters

The following additional parameters are available for WALLET_LOCATION:

SOURCE: Type of storage for wallets and storage location.

METHOD: Type of storage.

METHOD_DATA: Storage location.

DIRECTORY: Location of Oracle wallets on file system.

KEY: Wallet type and location in the Microsoft Windows registry.

PROFILE: Entrust profile file (.epf).

INIFILE: Entrust initialization file (.ini).

Default:None

Examples

Oracle wallets on file system:

WALLET_LOCATION=  

  (SOURCE=

      (METHOD=file)

      (METHOD_DATA=  

         (DIRECTORY=/etc/oracle/wallets/databases)))

Microsoft certificate store:

WALLET_LOCATION=

   (SOURCE=

     (METHOD=mcs))

Oracle Wallets in the Microsoft Windows registry:

WALLET_LOCATION=

   (SOURCE=

     (METHOD=REG)

     (METHOD_DATA=

        (KEY=SALESAPP)))

Entrust Wallets:

WALLET_LOCATION=

   (SOURCE=

     (METHOD=entr)

     (METHOD_DATA=

       (PROFILE=/etc/oracle/wallets/test.epf)

       (INIFILE=/etc/oracle/wallets/test.ini)))

ADR Diagnostic Parameters for Oracle Net Listener

This section includes the parameters used when ADR is enabled. Non-ADR parameters listed in the listener.ora file are ignored when ADR is enabled. ADR is enabled by default.

  1. ADR_BASE_listener_name

To specify the base directory that stores tracing and logging incidents when ADR is enabled.

The default is ORACLE_BASE, or ORACLE_HOME/log if ORACLE_BASE is not defined.

ADR_BASE_listener=/oracle/network/trace

  1. DIAG_ADR_ENABLED_listener_name

To indicate whether ADR tracing is enabled.

When the DIAG_ADR_ENABLED_listener_name parameter is set to on, then ADR file tracing is used. When the DIAG_ADR_ENABLED_listener_name parameter is set to off, then non-ADR file tracing is used.

Default:on

DIAG_ADR_ENABLED_listener=on

  1. LOGGING_listener_name

To turn logging on or off.

This parameter is also applicable when non-ADR tracing is used.

Default:on

LOGGING_listener=on

  1. TRACE_LEVEL_listener_name

To turn listener tracing on, at a specific level, or off.

This parameter is also applicable when non-ADR tracing is used.

Default:off | 0

Values

off or 0 for no trace output

user or 4 for user trace information

admin or 10 for administration trace information

support or 16 for Oracle Support Services trace information

Example

TRACE_LEVEL_listener=admin

  1. TRACE_TIMESTAMP_listener_name

To add a time stamp in the form of dd-mmm-yyyy hh:mi:ss:mil to every trace event in the trace file for the listener.

This parameter is used with the TRACE_LEVEL_listener_name parameter. This parameter is also applicable when non-ADR tracing is used.

Default:on

TRACE_TIMESTAMP_listener=true

Non-ADR Diagnostic Parameters for Oracle Net Listener

This section lists the parameters used when ADR is disabled. 

7.6.1 LOG_DIRECTORY_listener_name

Purpose

To specify the destination directory of the listener log file.

Usage Notes

Use this parameter when ADR is not enabled.

Default

CopyORACLE_HOME/network/log

Example

CopyLOG_DIRECTORY_listener=/oracle/network/admin/log

7.6.2 LOG_FILE_listener_name

Purpose

To specify the name of the log file for the listener.

Usage Notes

Use this parameter when ADR is not enabled.

Default

Copylistener.log

Example

CopyLOG_FILE_listener=list.log

7.6.3 TRACE_DIRECTORY_listener_name

Purpose

To specify the destination directory of the listener trace file.

Usage Notes

Use this parameter when ADR is not enabled.

Default

CopyORACLE_HOME/network/trace

Example

CopyTRACE_DIRECTORY_listener=/oracle/network/admin/trace

7.6.4 TRACE_FILE_listener_name

Purpose

To specify the name of the trace file for the listener.

Usage Notes

Use this parameter when ADR is not enabled.

Default

Copylistener.trc

Example

CopyTRACE_FILE_listener=list.trc

7.6.5 TRACE_FILEAGE_listener_name

Purpose

To specify the maximum age of listener trace files in minutes.

Usage Notes

When the age limit is reached, the trace information is written to the next file. The number of files is specified with the TRACE_FILENO_listener_nameparameter. Use this parameter when ADR is not enabled.

Default

Unlimited

This is the same as setting the parameter to 0.

Example 7-4 Example

TRACE_FILEAGE_listener=60

7.6.6 TRACE_FILELEN_listener_name

Purpose

To specify the size of the listener trace files in kilobytes (KB).

Usage Notes

When the size is met, the trace information is written to the next file. The number of files is specified using the TRACE_FILENO_listener_nameparameter. Use this parameter when ADR is not enabled.

Default

Unlimited

Example

CopyTRACE_FILELEN_listener=100

7.6.7 TRACE_FILENO_listener_name

Purpose

To specify the number of trace files for listener tracing.

Usage Notes

When this parameter is set along with the TRACE_FILELEN_listener_name parameter, trace files are used in a cyclical fashion. The first file is filled first, then the second file, and so on. When the last file has been filled, the first file is re-used, and so on.

The trace file names are distinguished from one another by their sequence number. For example, if the default trace file of listener.trc is used, and this parameter is set to 3, then the trace files would be named listener1.trclistener2.trc and listener3.trc.

In addition, trace events in the trace files are preceded by the sequence number of the file. Use this parameter when ADR is not enabled.

Default

1

Example

CopyTRACE_FILENO_listener=3

Class of Secure Transports Parameters

The class of secure transports (COST) parameters specify a list of transports that are considered secure for administration and registration of a particular listener. The COST parameters identify which transports are considered secure for that installation and whether the administration of a listener requires secure transports. Configuring these parameters is optional.

  1. DYNAMIC_REGISTRATION_listener_name

To enable or disable dynamic registration.

Static registrations are not affected by this parameter.

The default value is on. Unless this parameter is explicitly set to off, all registration connections are accepted.

Example

DYNAMIC_REGISTRATION_listener_name=on

  1. SECURE_CONTROL_listener_name

To specify the transports on which control commands are to be serviced.

If the SECURE_CONTROL_listener_name parameter is configured with a list of transport names, then the control commands are serviced only if the connection is one of the listed transports. Connections arriving by other transport protocols are refused. The following is an example:

SECURE_CONTROL_listener1 = (TCPS,IPC)

In the preceding example, administration requests are accepted only on TCPS and IPC transports.

If no values are entered for this parameter, then the listener accepts any connection on any endpoint.

Syntax

SECURE_CONTROL_listener_name = [(]transport1[,transport2, ....,transportn)]

In the preceding syntax, transport1, transport2, and transportn are valid, installed transport protocol names.

Example

LISTENER1=

 (DESCRIPTION=

    (ADDRESS_LIST=

      (ADDRESS=(PROTOCOL=tcp)(HOST=sales-server)(PORT=1521))

      (ADDRESS=(PROTOCOL=ipc)(KEY=extproc))

      (ADDRESS=(PROTOCOL=tcps)(HOST=sales-server)(PORT=1522))))

  SECURE_CONTROL_LISTENER1=tcps

  1. SECURE_REGISTER_listener_name

To specify the transports on which registration requests are to be accepted.

If the SECURE_REGISTER_listener_name parameter is configured with a list of transport names, then only the connections arriving on the specified transports are able to register the service with the listener. Connections arriving by other transport protocols are refused. The following is an example:

SECURE_REGISTER_listener1 = (TCPS,IPC)

In the preceding example, registration requests are accepted only on TCPS and IPC transports.

If no values are entered for this parameter, then the listener accepts registration requests from any transport.

Syntax

SECURE_REGISTER_listener_name = [(]transport1[,transport2, ....,transportn)]

In the preceding example, transport1, transport2, and transportn are valid, installed transport protocol names.

If this parameter and SECURE_CONTROL_listener_name are configured, then they override the SECURE_PROTOCOL_listener_name parameter.

Example

LISTENER1=

 (DESCRIPTION=

    (ADDRESS_LIST=

      (ADDRESS=(PROTOCOL=tcp)(HOST=sales-server)(PORT=1521))

      (ADDRESS=(PROTOCOL=ipc)(KEY=extproc))

      (ADDRESS=(PROTOCOL=tcps)(HOST=sales-server)(PORT=1522))))

  SECURE_REGISTER_listener1=tcps

  1. SECURE_PROTOCOL_listener_name

To specify the transports on which administration and registration requests are accepted.

If this parameter is configured with a list of transport names, then the control commands and service registration can happen only if the connection belongs to the list of transports.

If this parameter is not present and neither SECURE_CONTROL_listener_name or SECURE_REGISTER_listener_name are configured, then all supported transports accept control and registration requests.

If the SECURE_CONTROL_listener_name and SECURE_REGISTER_listener_name parameters are configured, then they override the SECURE_PROTOCOL_listener_name parameter.

Syntax

SECURE_PROTOCOL_listener_name = [(]transport1[,transport2, ....,transportn)]

In the preceding syntax, transport1, transport2, and transportn are valid, installed transport protocol names.

Example

LISTENER1=

 (DESCRIPTION=

    (ADDRESS_LIST=

      (ADDRESS=(PROTOCOL=tcp)(HOST=sales-server)(PORT=1521))

      (ADDRESS=(PROTOCOL=ipc)(KEY=extproc))

      (ADDRESS=(PROTOCOL=tcps)(HOST=sales-server)(PORT=1522))))

  SECURE_PROTOCOL_listener1=tcps

  1. Using COST Parameters in Combination

COST parameters can also be used in combination to further control which transports accept service registration and control commands.

In Example 7-5, control commands are accepted only on the IPC channel and the TCPS transport, and service registrations are accepted only on an IPC channel.

Example 7-5 Combining COST Parameters

LISTENER1=

 (DESCRIPTION=

   (ADDRESS_LIST=

     (ADDRESS=(PROTOCOL=tcp)(HOST=sales-server)(PORT=1521))

     (ADDRESS=(PROTOCOL=ipc)(KEY=extproc))

     (ADDRESS=(PROTOCOL=tcps)(HOST=sales-server)(PORT=1522))))

  SECURE_CONTROL_listener1=(tcps,ipc)

  SECURE_REGISTER_listener1=ipc

In Example 7-6, control commands are accepted only on the TCPS transport, and service registrations are accepted only on the IPC channel.

Example 7-6 Combining COST Parameters

LISTENER1=

 (DESCRIPTION=

   (ADDRESS_LIST=

     (ADDRESS=(PROTOCOL=tcp)(HOST=sales-server)(PORT=1521))

     (ADDRESS=(PROTOCOL=ipc)(KEY=extproc))

     (ADDRESS=(PROTOCOL=tcps)(HOST=sales-server)(PORT=1522))))

  SECURE_CONTROL_listener1=tcps

  SECURE_PROTOCOL_listener1=ipc

  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
Oracle Database 安全配置。 Table of Contents Overview ...................................................................................................................................................................... 9 Intended Audience .............................................................................................................................................. 9 Consensus Guidance ........................................................................................................................................... 9 Typographical Conventions ......................................................................................................................... 10 Scoring Information ......................................................................................................................................... 10 Profile Definitions ............................................................................................................................................. 11 Acknowledgements .......................................................................................................................................... 13 Recommendations ................................................................................................................................................. 14 1 Oracle Database Installation and Patching Requirements .......................................................... 14 1.1 Ensure the Appropriate Version/Patches for Oracle Software Is Installed (Not Scored) ......................................................................................................................................................... 14 1.2 Ensure All Default Passwords Are Changed (Scored) ..................................................... 16 1.3 Ensure All Sample Data And Users Have Been Removed (Scored) ............................ 18 2 Oracle Parameter Settings ........................................................

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值