This short paper shows you how to set a password for the Oracle listener. These passwords can be set either encrypted or unencrypted. Obviously I would not recommend setting clear text passwords. Whilst in some cases these can be made reasonably secure, the problem is that the password is stored in clear text in a file. For completeness I will show both methods:
Setting an Oracle listener password in clear text
The listener password can be set in clear text as follows. (Note that it is possible to set more than one listener password in this way.)
Open the $ORACLE_HOME/network/admin/listener.ora file and locate the name of your listener. For instance my listener has the default name LISTENER. I can see this in the following lines:
LISTENER =
(DESCRIPTION_LIST =
It is the line starting with LISTENER =. Simply add a line to this file in the following format:
PASSWORDS_{LISTENER_NAME}=somesecretpassword
i.e. in my case, where the listener is called LISTENER:
PASSWORDS_LISTENER=somesecretpassword
You can also set multiple passwords as follows:
PASSWORDS_LISTENER=(somesecretpassword,anothersecret)
However, the above method is not the best way to secure your listener.
Setting an encrypted Oracle listener password
It should be done with an encrypted password as follows:
C:\oracle\ora90\network\admin>lsnrctl
LSNRCTL for 32-bit Windows: Version 9.2.0.1.0 - Production on 24-FEB-2004 11:27:55
Copyright (c) 1991, 2002, Oracle Corporation. All rights reserved.
Welcome to LSNRCTL, type "help" for information.
LSNRCTL> set current_listener listener
Current Listener is listener
LSNRCTL> set password
Password:
The command completed successfully
LSNRCTL> save_config
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC0)))
Saved LISTENER configuration parameters.
Listener Parameter File C:\oracle\ora90\network\admin\listener.ora
Old Parameter File C:\oracle\ora90\network\admin\listener.bak
The command completed successfully
LSNRCTL>
You must save the configuration after setting the password, otherwise it will be lost. You can also check what was generated by looking in the listener.ora file. This is what was generated by the above commands:
#----ADDED BY TNSLSNR 24-FEB-2004 11:29:18---
PASSWORDS_LISTENER = F0354118688257FB
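The following check is an added example, not part of the original paper or of any Oracle tool: it reads a listener.ora body and reports, per listener, whether its PASSWORDS_ entry is missing, clear text or encrypted. It assumes that a value saved by lsnrctl always looks like the one above (16 hexadecimal characters), so a clear text password of exactly that shape would be misreported; the function name and the sample file (host dbhost, LISTENER2, LISTENER3) are constructed for illustration.

```python
import re

# Assumption: a value written by lsnrctl save_config looks like the page's
# F0354118688257FB, i.e. exactly 16 hexadecimal characters.
ENCRYPTED = re.compile(r"^[0-9A-Fa-f]{16}$")
# Top-level parameters start in column 0: NAME = value
PARAM = re.compile(r"^([A-Za-z][\w.]*)\s*=\s*(.*)$")

def audit_listener_ora(text):
    """Return {listener_name: 'no password' | 'clear text' | 'encrypted'}."""
    params, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()       # drop comments
        m = PARAM.match(line)
        if m:                                      # new top-level parameter
            current = m.group(1).upper()
            params[current] = m.group(2).strip()
        elif current and line.strip():             # continuation of its value
            params[current] += line.strip()
    status = {}
    for name, value in params.items():
        # A listener definition is a parameter whose value is an address block.
        if not re.match(r"\(\s*(DESCRIPTION|ADDRESS)", value, re.I):
            continue
        pw = params.get("PASSWORDS_" + name)
        if pw is None:
            status[name] = "no password"
            continue
        # The value is one password or a parenthesised, comma-separated list.
        entries = [p.strip() for p in pw.strip("()").split(",") if p.strip()]
        ok = bool(entries) and all(ENCRYPTED.match(p) for p in entries)
        status[name] = "encrypted" if ok else "clear text"
    return status

# Constructed sample file; only the password values come from the page.
SAMPLE = """\
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = dbhost)(PORT = 1521))))
LISTENER2 =
  (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = dbhost)(PORT = 1522)))
LISTENER3 = (ADDRESS = (PROTOCOL = TCP)(HOST = dbhost)(PORT = 1523))
SID_LIST_LISTENER = (SID_LIST = (SID_DESC = (SID_NAME = sans)))
#----ADDED BY TNSLSNR 24-FEB-2004 11:29:18---
PASSWORDS_LISTENER = F0354118688257FB
PASSWORDS_LISTENER2 = (somesecretpassword,anothersecret)
"""
if __name__ == "__main__":
    print(audit_listener_ora(SAMPLE))
```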
Should you want to remove the listener password do the following:
C:\oracle\ora90\network\admin>lsnrctl
LSNRCTL for 32-bit Windows: Version 9.2.0.1.0 - Production on 24-FEB-2004 11:32:05
Copyright (c) 1991, 2002, Oracle Corporation. All rights reserved.
Welcome to LSNRCTL, type "help" for information.
LSNRCTL> stop
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC0)))
The command completed successfully
Edit the listener.ora file to remove the lines added above and restart the listener as follows:
C:\oracle\ora90\network\admin>lsnrctl
LSNRCTL for 32-bit Windows: Version 9.2.0.1.0 - Production on 24-FEB-2004 11:33:34
Copyright (c) 1991, 2002, Oracle Corporation. All rights reserved.
Welcome to LSNRCTL, type "help" for information.
LSNRCTL> start
Starting tnslsnr: please wait...
TNSLSNR for 32-bit Windows: Version 9.2.0.1.0 - Production
System parameter file is C:\oracle\ora90\network\admin\listener.ora
Log messages written to C:\oracle\ora90\network\log\listener.log
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(PIPENAME=\\.\pipe\EXTPROC0ipc)))
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=zulia)(PORT=1521)))
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC0)))
STATUS of the LISTENER
------------------------
Alias LISTENER
Version TNSLSNR for 32-bit Windows: Version 9.2.0.1.0 - Production
Start Date 24-FEB-2004 11:33:38
Uptime 0 days 0 hr. 0 min. 2 sec
Trace Level off
Security OFF
SNMP OFF
Listener Parameter File C:\oracle\ora90\network\admin\listener.ora
Listener Log File C:\oracle\ora90\network\log\listener.log
Listening Endpoints Summary...
(DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(PIPENAME=\\.\pipe\EXTPROC0ipc)))
(DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=zulia)(PORT=1521)))
Services Summary...
Service "PLSExtProc" has 1 instance(s).
Instance "PLSExtProc", status UNKNOWN, has 1 handler(s) for this service...
Service "sans" has 1 instance(s).
Instance "sans", status UNKNOWN, has 1 handler(s) for this service...
The command completed successfully
That’s it! You should always protect your listener with a password. This is a basic security requirement. If the listener is not password protected, it can be shut down remotely, have its configuration changed, or be used to hack your server.