Security & ComplianceThis is a featured page

security and compliance


No user avatar
nasskhan 		Latest page update: made by nasskhan , Apr 30 2008, 5:33 PM EDT (about this update About This Update nasskhan Edited by nasskhan

3 words added

view changes
- complete history)
Keyword tags: security compliance
More Info: links to this page

Threads for this page

Started By Thread Subject Replies Last Post
bhavik.fuletra Setting Listener Password 1 Oct 15 2008, 12:39 AM EDT by smashphotons
Thread started: Aug 28 2008, 4:58 PM EDT  Watch
One of the biggest loophole that an Oracle database installation can have is Oracle Listener without a password. At the time of client server this fact somehow can be overlooked as we know who our user are, but now in days of web we don’t them so its becomes very important that we secure Oracle Listener.

Setting the password for the listener can be done in following three ways:

1. Editing the listener.ora file and setting the password in it.
2. Using LSNRCTL utility.
3. Through Oracle Graphical tools such as Net Manager, Oracle Enterprise Manager and so on.

In this blog entry I will mainly concentrate on first two.

Under first method we can edit the listener.ora file and add the following line in it.

PASSWORDS_LISTENER = imergegroup and then restart the listener.

But the drawback with this method is that password is stored in plain text format without encryption.

In Second method, we can run LSNRCTL utility and then can give command as follows:

LSNRCTL>change_password

After it it will prompt your for old password, if it is there you can type in or press enter.

Then it will prompt you for the new password which you want to set and then press enter.

Then it will again prompt you to reenter the new password for confirmation and then press enter.

After this password will be changes for running instance or session of the listener.

If we want it applicable for all the future instance or session we need to save the configuration for future use as follows:

LSNRCTL> set password

LSNRCTL> save_config

One these steps are completed, if we open listener.ora file we will notice that same line as we add in first method is added but password is in encrypted format.
7  out of 8 found this valuable. Do you?    
Keyword tags: administration listener oracle security
Show Last Reply
ekuznetsova Custom authentication 0 Jul 14 2008, 1:39 PM EDT by ekuznetsova
Thread started: Jul 14 2008, 1:39 PM EDT  Watch
Is it possible to implement API-based custom authentication module for Oracle? We have a homegrown SSO system that is available by API only. It does not implement Kerberos, LDAP or any other third party protocols that Oracle supports out of the box. Is it possible to implement a plugin that will allow us to authenticate Orace users through our SSO service? What interface(s) should we implement?
Do you find this valuable?    
Keyword tags: security authentication
rdr2004 Oracle Audit Vault 0 Dec 16 2007, 2:44 PM EST by rdr2004
Thread started: Dec 16 2007, 2:44 PM EST  Watch
Can someone who is using OAV for their production instances? I have it installed in my sand box. Would like to hear from someone who is already using it in production from their experiencce on what are the drawbacks and pit falls and advantages besides that are mentioned already?
3  out of 7 found this valuable. Do you?    
Keyword tags: security compliance
Showing 3 of 3 threads for this page

Related Content

  (what's this?Related ContentThanks to keyword tags, links to related pages and threads are added to the bottom of your pages. Up to 15 links are shown, determined by matching tags and by how recently the content was updated; keeping the most current at the top. Share your feedback on Wetpaint Central.)
Oracle Audit Vault