Disabling the Default Listener
Another use for the default host name is to disable the default listener called LISTENER. Let us
assume that multiple listeners, each dedicated to a single DBMS instance, are running on a
system, and that each listener has a unique name that includes the name of the DBMS instance
it serves. Hence the default name LISTENER is not used. If a DBA forgets to supply the listener
name to the lsnrctl command, the default listener LISTENER starts, since it does not require
any configuration in listener.ora. This can be a security problem if the correct listener
needs to be started with a special setting of TNS_ADMIN that enables valid node checking in
$TNS_ADMIN/sqlnet.ora. Other security-related listener parameters like
ADMIN_RESTRICTIONS_listener_name [1] may be in effect for non-default listeners, but are disabled
in a default listener configuration. Hence it makes sense to disable the default listener with a
generic section in listener.ora.
On the UNIX platform, port numbers between 1 and 1023 inclusive may only be used by
programs running with root privileges. If a port number in that range is used by an Oracle
listener, it fails to start with “TNS-12546: TNS:permission denied”. Windows does not impose
the aforementioned restriction on port numbers. However, the invalid port number 0 may be
used to prevent the default listener from starting. A listener configuration that accomplishes
this for both UNIX and Windows independently of the host name is reproduced here:
# Disable default listener
LISTENER =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST=)(PORT = 0))
  )
This configuration prevents the default listener from starting:
$ lsnrctl start
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=)(PORT=0)))
TNS-01103: Protocol specific component of the address is incorrectly specified
TNS-12533: TNS:illegal ADDRESS parameters
TNS-12560: TNS:protocol adapter error
TNS-00503: Illegal ADDRESS parameters
The error serves as a reminder to set TNS_ADMIN, if necessary, and to supply the correct
listener name to the lsnrctl command.
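A configuration check for the two settings discussed above, as an added example that is not part of the original text: it parses a listener.ora and reports when the default LISTENER is not disabled with port 0 or when a named listener lacks ADMIN_RESTRICTIONS_listener_name = ON. The sample file, the listener name LISTENER_ORCL and the host dbhost.example are constructed for illustration.

```python
import re

# Constructed sample listener.ora (host and listener name are made up).
SAMPLE = """\
# Disable default listener
LISTENER =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST=)(PORT = 0))
  )
LISTENER_ORCL =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = dbhost.example)(PORT = 1521))
  )
ADMIN_RESTRICTIONS_LISTENER_ORCL = ON
"""

def parse_params(text):
    """Return {NAME: raw value} for the top-level parameters of listener.ora."""
    text = re.sub(r"#[^\n]*", "", text)          # drop comments
    depth, heads = 0, []
    for m in re.finditer(r"[()]|([A-Za-z_][\w.]*)\s*=", text):
        if m.group(0) == "(":
            depth += 1
        elif m.group(0) == ")":
            depth -= 1
        elif depth == 0:                          # "NAME =" outside any parentheses
            heads.append((m.group(1).upper(), m.start(), m.end()))
    ends = [h[1] for h in heads[1:]] + [len(text)]
    return {name: text[e:end].strip() for (name, _, e), end in zip(heads, ends)}

def audit(text):
    """List findings: default listener not disabled, ADMIN_RESTRICTIONS not ON."""
    params = parse_params(text)
    findings = []
    default = params.get("LISTENER")
    if default is None:
        findings.append("LISTENER: no entry, default listener can start unconfigured")
    elif re.findall(r"\(\s*PORT\s*=\s*(\d+)\s*\)", default, re.I) != ["0"]:
        findings.append("LISTENER: not disabled with PORT = 0")
    for name, value in params.items():
        is_listener = re.search(r"\(\s*ADDRESS\b", value, re.I)
        if not is_listener or name == "LISTENER":
            continue
        if params.get("ADMIN_RESTRICTIONS_" + name, "").upper() != "ON":
            findings.append(name + ": ADMIN_RESTRICTIONS_" + name + " is not ON")
    return findings

if __name__ == "__main__":
    for line in audit(SAMPLE) or ["no findings"]:
        print(line)
```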
1. With ADMIN_RESTRICTIONS_listener=on, the listener rejects SET commands that might have been sent
from an intruder on a remote system. It only allows changes through lsnrctl reload on the local system.
 