Document Type | Technical Information
Category | Security
Applicable Product Versions | Tibero6, Tibero7
Document Number | TSETI022
Overview
| Category | Inspection Item | Importance | Code |
|---|---|---|---|
| Access Management | Restrict remote access to the DB server | High | D-05 |
| Access Management | Prevent unauthorized users other than DBA from accessing system tables | High | D-06 |
| Access Management | Set a password for the listener in Oracle Database | High | D-07 |
| Access Management | Remove unnecessary ODBC/OLE-DB data sources and drivers that are not in use | Medium | D-14 |
| Access Management | Is a lockout policy set after a certain number of login failures? | Medium | D-15 |
| Access Management | Is the DB account umask set to 022 or higher to protect key database files? | Low | D-16 |
| Access Management | Are access permissions set for key files such as main database configuration files and password files? | Medium | D-17 |
| Access Management | Can users other than administrators modify listener logs and trace files via Oracle listener connections? | Low | D-18 |
This document describes the security vulnerability countermeasure for inspection item D-07 (Access Management: Set a password for the listener in Oracle Database).
Inspection Purpose
- Even if the listener owner is not a DBA, they can stop the listener or create arbitrary files on the database server. Using the lsnrctl utility remotely, it is possible to modify the listener configuration file (listener.ora). Therefore, a password must be set on the listener to prevent unauthorized modification.
Inspection Criteria
| Criteria | Details |
|---|---|
| Good | A password is set for the listener |
| Vulnerable | No password is set for the listener |
Method
- Tibero's listener operates differently from Oracle; it runs together with the database process.
- The listener starts and stops along with the database according to the startup/shutdown procedure, and there is no separate password setting for the listener.
- Therefore, the `D-07` security vulnerability does not apply to Tibero.