配置侦听器的安全性

为侦听器设置口令

lsnrctl

change_password

save_config

set password pass

LSNRCTL> change_password

Old password:

New password:

Reenter new password:

正在连接到 (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=192.168.1.19)(PORT=1521)))

LISTENER 的口令已更改

命令执行成功

LSNRCTL> save_config

正在连接到 (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=192.168.1.19)(PORT=1521)))

保存的 LISTENER 配置参数。

监听程序参数文件 C:\oracle\product\10.2.0\db_1\network\admin\listener.ora

旧的参数文件 C:\oracle\product\10.2.0\db_1\network\admin\listener.bak

命令执行成功

LSNRCTL> set password pass

命令执行成功

listener.ora Network Configuration File: C:\oracle\product\10.2.0\db_1\NETWORK\ADMIN\listener.ora

Generated by Oracle configuration tools.

PASSWORDS_LISTENER= E6AB51A66609005B

SID_LIST_LISTENER =

(SID_LIST =

(SID_DESC =

(GLOBAL_DBNAME = WWW)

(ORACLE_HOME = C:\oracle\product\10.2.0)

(SID_NAME = WWW)

)

(SID_DESC =

(GLOBAL_DBNAME = TEST)

(ORACLE_HOME = C:\oracle\product\10.2.0)

(SID_NAME = TEST)

)

)

LISTENER =

(DESCRIPTION =

(ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.1.19)(PORT = 1521))

)

可对远程机器对此侦听器操作进行某些操作（如 stop、status、services 等）进行口令验证，本机没限制

也可在 Net Manager 中修改

listener.ora 文件中会包含加密过的口令

sqlnet.ora Network Configuration File: C:\oracle\product\10.2.0\db_1\NETWORK\ADMIN\sqlnet.ora

Generated by Oracle configuration tools.

This file is actually generated by netca. But if customers choose to

install "Software Only", this file wont exist and without the native

authentication, they will not be able to connect to the database on NT.

TCP.VALIDNODE_CHECKING = YES

SQLNET.AUTHENTICATION_SERVICES= (NTS)

TCP.INVITED_NODES= (192.168.1.2, 192.168.1.19, 192.168.1.1)

TCP.EXCLUDED_NODES= (192.168.0.1, 192.168.1.1)

在 Net Manager 中配置排除访问或允许访问的地址

配置邀请节点时要把服务器地址也包括进去，不然下次启动出错

邀请节点优先级高于排除节点