在缺省的情况下,任意用户不需要使用任何密码即通过lsnrctl 工具对Oracle Listener进行操作或关闭,从而造成任意新的会话都将无法建立连接。在Oracle 9i 中Oracle监听器允许任何一个人利用lsnrctl从远程发起对监听器的管理。也容易导致数据库受到损坏。可以在环境中为监听配置密码,这样对监听的操作就需要密码来验证。
在未设置密码的情况下,启动监听
|
1 2 3 4 5 6 7 8 |
[oracle@test ~]$ lsnrctl stop LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 26-JUN-2016 08:22:26 Copyright (c) 1991, 2006, Oracle Corporation. All rights reserved. Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=test)(PORT=1521))) The command completed successfully |
重新启动监听并设置密码
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 |
[oracle@test ~]$ lsnrctl LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 26-JUN-2016 08:24:09 Copyright (c) 1991, 2006, Oracle Corporation. All rights reserved. Welcome to LSNRCTL, type "help" for information. LSNRCTL> set current_listener listener_demo -->设置当前监听器 Current Listener is listener_demo LSNRCTL> start -->启动过程也不需要任何密码,启动的详细信息省略 LSNRCTL> change_password -->使用change_password来设置密码 Old password: New password: Reenter new password: Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=test)(PORT=1521))) Password changed for listener_demo The command completed successfully LSNRCTL> save_config -->注意此处的save_config失败 Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=test)(PORT=1521))) TNS-01169: The listener has not recognized the password LSNRCTL> set password -->输入新设定的密码验证 Password: The command completed successfully LSNRCTL> save_config -->再次save_config成功 Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=test)(PORT=1521))) Saved listener_demo configuration parameters. Listener Parameter File /oracle/network/admin/listener.ora Old Parameter File /oracle/network/admin/listener.bak The command completed successfully -->增加密码之后可以看到listener.ora文件中有一条新增的记录,即密码选项(注:尽管使用了密码管理方式,仍然可以无需密码启动监听) [oracle@test admin]$ more listener.ora #----ADDED BY TNSLSNR 26-JUN-2016 05:12:48--- PASSWORDS_listener_demo = #-------------------------------------------- |
在不使用密码的情况下停止监听
|
1 2 3 4 5 6 |
[oracle@test ~]$ lsnrctl stop listener_demo LSNRCTL for Linux: Version 11.2.0.4.0 - Production on 26-JUN-2016 06:09:51 Copyright (c) 1991, 2006, Oracle Corporation. All rights reserved. Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=test)(PORT=1521))) TNS-01169: The listener has not recognized the password -->收到错误信息,需要使用密码认证 |
使用密码停止监听
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 |
[oracle@test ~]$ lsnrctl LSNRCTL> set current_listener listener_demo Current Listener is listener_demo LSNRCTL> stop Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=test)(PORT=1521))) TNS-01169: The listener has not recognized the password LSNRCTL> set password Password: The command completed successfully LSNRCTL> stop Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=test)(PORT=1521))) The command completed successfully LSNRCTL> status Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=test)(PORT=1521))) TNS-12541: TNS:no listener TNS-12560: TNS:protocol adapter error TNS-00511: No listener Linux Error: 111: Connection refused Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC))) TNS-12541: TNS:no listener TNS-12560: TNS:protocol adapter error TNS-00511: No listener Linux Error: 2: No such file or directory |
- 本文固定链接: http://www.savedba.com/?p=965
- 转载请注明: 版权所有,文章允许转载,但必须以链接方式注明源地址,否则追究法律责任!
没办法,起码大结局是大圆满