Friday, June 13, 2008

Oracle TNS Listener: To Password or Not To Password

For database releases prior to Oracle Database 10g Release 1: you should set an administrative password for the TNS listener. For Oracle Database 10g Release 1 and later releases, the default authentication mode for the TNS listener is local OS authentication, which requires the TNS listener administrator to be a member of the local dba group. Setting a password for the TNS listener in Oracle Database 10g Release 1 and higher simplifies administration. However, setting a password requires good password management to prevent unauthorized users from guessing the password and potentially gaining access to privileged listener operations. Because the listener acts as the database’s gateway to and from the network, it is important to secure it. Customers may wish to consider not setting a password for the TNS listener starting with Oracle Database 10g Release 1, because in the interest of increasing security and reducing risks, the default behavior changed in this and later releases.

-----------------------

http://andrewfraser.wordpress.com/2007/05/24/listener-passwords-always-for-9i-never-for-10g/

Oracle Database Listener Security Guide (April 2007)
http://www.integrigy.com/security-resources/whitepapers/Integrigy_Oracle_Listener_TNS_Security.pdf

Now you know...

No comments:

Post a Comment