Showing posts with label SEC_PROTOCOL. Show all posts

Monday, May 7, 2012

Secure the Oracle Listener

The Oracle Database Listener is the database server software component that manages the network traffic between the Oracle Database and the client. The Oracle Database Listener listens on a specific network port (default 1521) and forwards network connections to the Database. One of the most misunderstood security issues with the Oracle Database is the security of the Listener.


The listener is one of the most critical components of database operations:

  • It is what makes client/server communication possible
  • In dedicated mode it is responsible for creating a new process (or thread on Windows) on behalf of the client and setting up the communications
  • On Windows each such server process actually speaks on a new TCP/IP port, and the listener redirects the client to this port
  • On Unix streaming continues on the original port
    • The listener forks a new process
    • The listener then closes its own file descriptors (fds); the new process continues to speak on the fds it inherited
  • In MTS (Multi-Threaded Server) the listener is responsible for assigning and setting up the connection with the least loaded dispatcher. The dispatchers get requests from the client and place them on the request queues for the shared server processes, and read responses from the response queues to send to the client
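
The Unix hand-off described in the list above (fork, then the listener closes its own fds while the new process keeps talking on them) can be seen in a generic POSIX sketch. This is an added example, not Oracle listener code: `serve_session` and `handoff_demo` are hypothetical names, and a `socketpair` stands in for the connection a real listener would get from `accept()`.

```c
/* Added illustration: generic POSIX fork-and-handoff, not Oracle code. */
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Hypothetical server process: answers one request on the inherited fd. */
static void serve_session(int fd) {
    char req[64], reply[128];
    ssize_t n = read(fd, req, sizeof req - 1);
    if (n <= 0) _exit(1);
    req[n] = '\0';
    int len = snprintf(reply, sizeof reply, "handled by server process: %s", req);
    if (write(fd, reply, (size_t)len) != len) _exit(1);
    close(fd);
}

/* Plays the listener (and, for the demo, the client). Returns 0 on success
 * and stores the server process's reply in out. */
int handoff_demo(const char *request, char *out, size_t outlen) {
    int sv[2]; /* sv[0]: client end; sv[1]: stands in for the accept()ed fd */
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;

    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {            /* new server process */
        close(sv[0]);          /* it never needs the client's end */
        serve_session(sv[1]);  /* continues to speak on the inherited fd */
        _exit(0);
    }

    close(sv[1]); /* listener closes its copy; the child's copy keeps the
                     connection open, so the session survives this close */
    if (write(sv[0], request, strlen(request)) < 0) return -1;
    ssize_t n = read(sv[0], out, outlen - 1);
    close(sv[0]);

    int status;
    if (waitpid(pid, &status, 0) < 0 || n <= 0) return -1;
    out[n] = '\0';
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

int main(void) {
    char reply[128];
    if (handoff_demo("ping", reply, sizeof reply) != 0) return 1;
    puts(reply);
    return 0;
}
```

The reply arrives after the listener side has already closed its descriptor, which shows that once the hand-off is done the session depends on the server process, not on the listener.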