Using Class of Secure Transport (COST) to Restrict Instance Registration
(Doc ID 1453883.1)
Last updated on MAY 31, 2020
Applies to:Oracle Database - Enterprise Edition - Version 10.2.0.3 to 184.108.40.206 [Release 10.2 to 11.2]
Oracle Net Services - Version 10.2.0.3 to 220.127.116.11 [Release 10.2 to 11.2]
Information in this document applies to any platform.
To demonstrate how the COST parameter "SECURE_REGISTER_listener_name =" is used to restrict instance registration with database listeners. With this COST restriction in place only local instances will be allowed to register. These instructions can be used to address the issues published in Oracle Security Alert CVE-2012-1675 by using COST to restrict connections to only local instances.
The class of secure transports (COST) parameters specify a list of transports that are considered secure for administration and registration of a particular listener. The COST parameters identify which transports are considered secure for that installation and whether the administration of a listener requires secure transports. COST will not affect client connections utilizing other protocols. For more details and for information about other available COST parameters please see the 11.2 Network Administrators Guide and Network Reference.
About the IPC Protocol
IPC protocol support is similar to BEQ protocol support in that it can only be used when the client program and the Oracle server are installed on the same system. IPC protocol support differs from BEQ protocol support in that it can be used with Oracle Shared Server configurations. IPC protocol support requires a listener for its operation. For more information about IPC please see Doc ID 29232.1 "IPC Explained".
Oracle versions that support COST
Although not documented in the Oracle 10g Network Administration Guides COST parameters and functionality are supported as of 10.2.0.3.
For more information information about "Valid Node Checking for Registration" in 18.104.22.168 and 12c please reference the following links:
Oracle Net 12c: Valid Node Checking For Registration (VNCR) (Doc ID 1600630.1)
Oracle® Database Net Services Reference
12c Release 1 (12.1)
New features overview
Oracle® Clusterware Administration and Deployment Guide
12c Release 1 (12.1)
SCAN Listeners and Service Registration Restriction With Valid Node Checking
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!
In this Document