Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Controlling Access to the Oracle Listener Copyright © 2004, Oracle. All rights reserved. Objectives After completing this lesson, you should be able to do the following: • Secure the listener • Enable TCP valid node checking • Remove default EXTPROC entry • 3-2 Add a separate listener to handle external procedure calls Copyright © 2004, Oracle. All rights reserved. Oracle Net Services Review Application Oracle Net Listener TCP/IP network Client sqlnet.ora 3-3 RDBMS Oracle Net Database server tnsnames.ora listener.ora Copyright © 2004, Oracle. All rights reserved. Listener Password Authentication • • • In Oracle Database 10g, the listener is secure by default. Operating system authentication is used. Listener passwords are still supported if needed. – Use listener control utility lsnrctl – Use EM Database Control – Use Oracle Net Manager 3-4 Copyright © 2004, Oracle. All rights reserved. Setting Listener Password Using Enterprise Manager 3-5 Copyright © 2004, Oracle. All rights reserved. Setting Listener Password with Net Manager 3-6 Copyright © 2004, Oracle. All rights reserved. Set Password with lsnrctl Utility Using the lsnrctl CHANGE_PASSWORD command: $ lsnrctl LSNRCTL> CHANGE_PASSWORD Old password: ******* New Password: 1tsaSafe1 Reenter new password: 1tsaSafe1 LSNRCTL> SAVE_CONFIG 3-7 Copyright © 2004, Oracle. All rights reserved. Controlling Database Access 3-8 Copyright © 2004, Oracle. All rights reserved. Oracle Net Services External Procedures • • • • 3-9 External procedures that are called from a program, but are written in a different language The listener must be configured to listen for external procedure calls Listener starts an external procedure agent Default agent name is EXTPROC Copyright © 2004, Oracle. All rights reserved. Overview of the EXTPROC Agent • • • • 3-10 It services execution of external procedures for the duration of the session until the user logs off. Each session uses a different EXTPROC agent to execute external procedures. The listener must be configured to allow the server to be associated with the EXTPROC agent. The listener must be on the same machine as the server. Copyright © 2004, Oracle. All rights reserved. PL/SQL Calling a C External Procedure 3 2 Listener process 4 6 EXTPROC agent 7 5 PL/SQL Alias subprogram library BEGIN myproc 1 3-11 User process External procedure Copyright © 2004, Oracle. All rights reserved. Shared library Default Configuration for External Procedure Calls • • Listener is configured to accept requests for external procedures by Oracle Net Configuration Assistant during installation. A net service name is configured in the tnsnames.ora file. EXTPROC_CONNECTION_DATA= (DESCRIPTION= (ADDRESS=(PROTOCOL=ipc)(KEY=extproc)) (CONNECT_DATA= (SID=plsextproc))) 3-12 Copyright © 2004, Oracle. All rights reserved. Modifying the Configuration for External Procedure Calls 1. Remove the external procedure entries for the default listener. 2. Configure a separate listener dedicated to servicing external procedures. 3. Configure listener to run with privileges lower than those of the listener for the database. 4. Restrict the DLLs that the EXTPROC agent can load. 3-14 Copyright © 2004, Oracle. All rights reserved. Remove Default EXTPROC Entry Using Enterprise Manager: 3-15 Copyright © 2004, Oracle. All rights reserved. Remove Default EXTPROC Entry Using Net Manager 3-16 Copyright © 2004, Oracle. All rights reserved. Configure a Dedicated Listener for External Procedure Calls Using Enterprise Manager 3-17 Copyright © 2004, Oracle. All rights reserved. Configure a Dedicated Listener for External Procedure Calls Using Enterprise Manager 3-18 Copyright © 2004, Oracle. All rights reserved. Configure a Dedicated Listener for External Procedure Calls Using Net Manager 3-19 Copyright © 2004, Oracle. All rights reserved. Summary In this lesson, you should have learned how to: • Secure the listener • Enable TCP valid node checking • Remove default EXTPROC entry • 3-21 Add a separate listener to handle external procedure calls Copyright © 2004, Oracle. All rights reserved. Practice 3 Overview: Controlling Access to the Listener This practice covers the following topics: • Password protecting listener management tasks • Removing the default EXTPROC listener service • • 3-22 Creating a dedicated listener for external procedures Controlling database access Copyright © 2004, Oracle. All rights reserved.