1. 3 Copyright © 2004, Oracle. All rights reserved. Controlling Access to the Oracle Listener

2. 3-2 Copyright © 2004, Oracle. All rights reserved. Objectives After completing this lesson, you should be able to do the following: Secure the listener Enable TCP valid node checking Remove default EXTPROC entry Add a separate listener to handle external procedure calls

3. 3-3 Copyright © 2004, Oracle. All rights reserved. Oracle Net Services Review Application Oracle Net RDBMS Oracle Net ClientDatabase server TCP/IP network Listener tnsnames.orasqlnet.oralistener.ora

4. 3-4 Copyright © 2004, Oracle. All rights reserved. Listener Password Authentication In Oracle Database 10g, the listener is secure by default. Operating system authentication is used. Listener passwords are still supported if needed. –Use listener control utility lsnrctl –Use EM Database Control –Use Oracle Net Manager

5. 3-5 Copyright © 2004, Oracle. All rights reserved. Setting Listener Password Using Enterprise Manager

6. 3-6 Copyright © 2004, Oracle. All rights reserved. Setting Listener Password with Net Manager

7. 3-7 Copyright © 2004, Oracle. All rights reserved. Set Password with lsnrctl Utility Using the lsnrctl CHANGE_PASSWORD command: $ lsnrctl LSNRCTL> CHANGE_PASSWORD Old password: ******* New Password: 1tsaSafe1 Reenter new password: 1tsaSafe1 LSNRCTL> SAVE_CONFIG

8. 3-8 Copyright © 2004, Oracle. All rights reserved. Controlling Database Access

9. 3-9 Copyright © 2004, Oracle. All rights reserved. Oracle Net Services External Procedures External procedures that are called from a program, but are written in a different language The listener must be configured to listen for external procedure calls Listener starts an external procedure agent Default agent name is EXTPROC

10. 3-10 Copyright © 2004, Oracle. All rights reserved. Overview of the EXTPROC Agent It services execution of external procedures for the duration of the session until the user logs off. Each session uses a different EXTPROC agent to execute external procedures. The listener must be configured to allow the server to be associated with the EXTPROC agent. The listener must be on the same machine as the server.

11. 3-11 Copyright © 2004, Oracle. All rights reserved. 1 PL/SQL subprogram Alias library 2 3 4 EXTPROC agent User process PL/SQL Calling a C External Procedure Shared library 5 External procedure 6 7 Listener process BEGIN myproc

12. 3-12 Copyright © 2004, Oracle. All rights reserved. Default Configuration for External Procedure Calls Listener is configured to accept requests for external procedures by Oracle Net Configuration Assistant during installation. A net service name is configured in the tnsnames.ora file. EXTPROC_CONNECTION_DATA= (DESCRIPTION= (ADDRESS=(PROTOCOL=ipc)(KEY=extproc)) (CONNECT_DATA= (SID=plsextproc)))

13. 3-13 Copyright © 2004, Oracle. All rights reserved.

14. 3-14 Copyright © 2004, Oracle. All rights reserved. Modifying the Configuration for External Procedure Calls 1.Remove the external procedure entries for the default listener. 2.Configure a separate listener dedicated to servicing external procedures. 3.Configure listener to run with privileges lower than those of the listener for the database. 4.Restrict the DLLs that the EXTPROC agent can load.

15. 3-15 Copyright © 2004, Oracle. All rights reserved. Remove Default EXTPROC Entry Using Enterprise Manager:

16. 3-16 Copyright © 2004, Oracle. All rights reserved. Remove Default EXTPROC Entry Using Net Manager

17. 3-17 Copyright © 2004, Oracle. All rights reserved. Configure a Dedicated Listener for External Procedure Calls Using Enterprise Manager

18. 3-18 Copyright © 2004, Oracle. All rights reserved. Configure a Dedicated Listener for External Procedure Calls Using Enterprise Manager

19. 3-19 Copyright © 2004, Oracle. All rights reserved. Configure a Dedicated Listener for External Procedure Calls Using Net Manager

20. 3-20 Copyright © 2004, Oracle. All rights reserved.

21. 3-21 Copyright © 2004, Oracle. All rights reserved. Summary In this lesson, you should have learned how to: Secure the listener Enable TCP valid node checking Remove default EXTPROC entry Add a separate listener to handle external procedure calls

22. 3-22 Copyright © 2004, Oracle. All rights reserved. Practice 3 Overview: Controlling Access to the Listener This practice covers the following topics: Password protecting listener management tasks Removing the default EXTPROC listener service Creating a dedicated listener for external procedures Controlling database access

23. 3-23 Copyright © 2004, Oracle. All rights reserved.

24. 3-24 Copyright © 2004, Oracle. All rights reserved.