If a password is not set on the Listener, someone who knows just a hostname and port number (default port is 1521) has full control over the Listener.
They can do the following:
- Stop the Listener
- Set a password and prevent others from controlling the Listener
- Write trace and log files to any file accessible to the process owner of tnslnsr (usually oracle)
- Obtain detailed information on the Listener, database, and application configuration
To password protect your listener, perform the following as your Oracle user:
$ lsnrctl LSNRCTL> change_password Old password: <press enter here> New password: <enter new password> Reenter new password: <reenter password>