To safeguard against the security vulnerability CVE-2012-1675 (as published here), the COST (Class of Secure Transport) parameter is used to prevent any remote instance from registering with the listener running on a database server. This is done by adding the parameter SECURE_REGISTER_<LISTENER_NAME> = (TCP) to the listener.ora file.
In the following demonstration, a listener is running on a Linux server where container/pluggable databases and services are registered with the listener, as can be seen in the following screenshot.
Now I have a database (salman11) running on a remote Windows-based machine, where setting the remote_listener parameter makes the salman11 database register with this listener.
Adding the remote_listener parameter to salman11:
Checking the listener, where salman11 has registered itself:
Now implementing COST by adding SECURE_REGISTER_LISTENER = (TCP):
############################
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
      (ADDRESS = (PROTOCOL = TCP)(HOST = salman1.salman.com)(PORT = 1521))
    )
  )
SECURE_REGISTER_LISTENER=(TCP)
############################
Add SECURE_REGISTER_LISTENER = (TCP) and reload/restart the listener. After doing this, the salman11 database is no longer seen registered with this listener.
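As an added example (not part of the original post), the following Python script audits a listener.ora for listeners that have no SECURE_REGISTER_<LISTENER_NAME> entry. The sample text is constructed from the file above, and LISTENER2 on port 1522 is a hypothetical second listener added for contrast.

```python
import re

# Constructed sample: the listener.ora shown above, plus a hypothetical
# second listener (LISTENER2, port 1522) that has no COST entry.
SAMPLE = """\
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
      (ADDRESS = (PROTOCOL = TCP)(HOST = salman1.salman.com)(PORT = 1521))
    )
  )
SECURE_REGISTER_LISTENER=(TCP)
# hypothetical listener without COST
LISTENER2 =
  (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = salman1.salman.com)(PORT = 1522)))
"""

NAME_RE = re.compile(r"\s*([A-Za-z_][\w.]*)\s*=\s*")

def parse_listener_ora(text):
    """Return {NAME: value} for top-level entries; upper-cased, whitespace removed."""
    text = "\n".join(ln.split("#", 1)[0] for ln in text.splitlines())  # drop comments
    params, pos = {}, 0
    while (m := NAME_RE.match(text, pos)):
        name, pos = m.group(1).upper(), m.end()
        start = pos
        if text[pos:pos + 1] == "(":
            depth = 0
            while pos < len(text):          # consume one balanced (...) group
                depth += {"(": 1, ")": -1}.get(text[pos], 0)
                pos += 1
                if depth == 0:
                    break
        else:                               # bare value: runs to end of line
            nl = text.find("\n", pos)
            pos = len(text) if nl == -1 else nl
        params[name] = re.sub(r"\s+", "", text[start:pos]).upper()
    return params

def audit_cost(text):
    """Map each listener to the protocols in SECURE_REGISTER_<name>; [] means not set."""
    params = parse_listener_ora(text)
    return {
        name: [p for p in params.get("SECURE_REGISTER_" + name, "").strip("()").split(",") if p]
        for name, value in params.items()
        if "(ADDRESS=" in value             # only listener definitions carry ADDRESS entries
    }

if __name__ == "__main__":
    for listener, protocols in audit_cost(SAMPLE).items():
        print(listener, "COST:", ",".join(protocols) or "NOT SET")
```

A listener reported as NOT SET has no COST restriction configured in the file that was checked.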