ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » General IBM MQ Support » Any known security holes when using MCAUSER on channels

Post new topic  Reply to topic
 Any known security holes when using MCAUSER on channels « View previous topic :: View next topic » 
Author Message
hilltops
PostPosted: Thu Jul 13, 2006 6:03 am    Post subject: Any known security holes when using MCAUSER on channels Reply with quote

Centurion

Joined: 01 Mar 2006
Posts: 112
Are there any known security compromises for channels with the MCAUSER attribues set to non-blank for a server connection channel? It appears obvious that if a miscreant if to learn the value of the mcauser and the svrconn name they would have clear access to the queue manager from a client instance. Would having the channel SSL'ed strengthen the security of the channel?

Thankx
Back to top
View user's profile Send private message
Vitor
PostPosted: Thu Jul 13, 2006 6:14 am    Post subject: Reply with quote

Grand High Poobah

Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
If the MCAUSER attribute is non-blank, the client application doesn't need to know it to use the channel. All that happens is that the client application runs under the authority of that user id, with all the restrictions that may apply. This is usually considered a good thing as it stops every Tom, Dick or Harry who can spell SYSTEM.DEF.SVRCONN getting full access to the system.

(They do need to know the port number of the listener of course. Finding this out is not hard.)

Security Exits and SSL do provide additional and more granular security. There are a number available (in addition to rolling your own), including this one:http://www.mqseries.net/phpBB2/viewtopic.php?t=21334
_________________
Honesty is the best policy.
Insanity is the best defence.
Back to top
View user's profile Send private message
LuisFer
PostPosted: Thu Jul 13, 2006 10:00 am    Post subject: Reply with quote

Partisan

Joined: 17 Aug 2002
Posts: 302
And protect the AlternateUserid after MQCONN(x)
Back to top
View user's profile Send private message
mvic
PostPosted: Thu Jul 13, 2006 12:55 pm    Post subject: Re: Any known security holes when using MCAUSER on channels Reply with quote

Jedi

Joined: 09 Mar 2004
Posts: 2080
hilltops wrote:
...
security
...

What are your security requirements?
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » General IBM MQ Support » Any known security holes when using MCAUSER on channels
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
  
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.