Major New Features of Oracle Net Services 9i Release 2:
Oracle Net Services Aliases, the alternative service names for any defined net service name or database service, can be stored in an OID server today to allow clients to use the alternatives connecting to the databases. With aliases support, if a net service name or database service's information changes, the information only needs to be updated in one place, the original service name registration. The administrators can create, modify, and delete aliases through Oracle Net Manager.
The existing global database link in Oracle Names servers, a pointer that defines a one-way communication path from an Oracle database to another database, can be migrated from Oracle Names servers, and is supported in Directory naming. However, authentication (user names/passwords) of global database links, if it is set up in Oracle Names, is not supported in Directory Naming.
Directory Naming Access Control
To enhance the security mechanism for Oracle Net Services Directory Naming, Oracle has implemented a set of new mechanisms to tighten access control, as listed below:
The members of OracleNetAdmins group can only add entries of Oracle Net Services Names and Oracle Net Services Aliases in a given OracleContext.
An administrator can assign a group of users to manage members of the OracleNetAdmins group, so that only the designated group has the rights to manage members of the OracleNetAdmins group. Thus, it separates users who manage Oracle Net Services entries from the users who add members to OracleNetAdmins group.
Unauthorized access to the listener or database server can result in denial of service attacks (DoS), whereby unauthorized or malicious clients attempt to block authorized users’ ability to access and use the system when needed. In an ongoing effort to strengthen networking security, the following new enhancements are available:
1. Two new parameters have been introduced ( inbound_connect_timeout_ listener_name and sqlnet.inbound_connect_timeout ) that enable you to limit resource consumption by unauthorized users. These parameters constraint the amount of time in which resources can be held prior to authentication. Attempts to exceed the configured limit will result in connection termination and an audit trail containing the IP address of the clients being logged.
2. The listener control utility status command is now a privileged command, requiring set password command when a password is set.
Oracle Net Services provides a new tool called the Trace Assistant to help you understand the information provided in trace files by converting existing lines of trace file text into a more readable paragraph.
Major New Features of Oracle Net Services 9i Release 1:
Post Oracle9i (e.g., 10i), Oracle Names will not be supported as a centralized naming method. As Oracle Names is deprecated in favor of directory naming with LDAP-compliant directory servers, Oracle Names LDAP Proxy servers provide a way for release 8.1.5 or previous clients that do not support directory naming to use the same data as is used for directory naming. Oracle Names LDAP Proxy servers are Oracle Names servers that have been configured to proxy for LDAP-compliant directory servers. Upon startup, Oracle Names LDAP Proxy servers obtain network object information from a directory server. This provides a single point of definition for all data in a directory server and does not require that both Oracle Names servers and directory servers be maintained separately and simultaneously.
Configurations that use dedicated servers can now use the following connection load
balancing feature connecting to the least loaded instance. This feature was previously available only for shared server configurations.
A listener selects an instance in the following order for a dedicated server configuration:
1. Least loaded node
2. Least loaded instance