ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » WebSphere Message Broker (ACE) Support » Handling Sensitive Information in Message Flows

Post new topic  Reply to topic
 Handling Sensitive Information in Message Flows « View previous topic :: View next topic » 
Author Message
akidase
PostPosted: Tue Jul 12, 2011 10:46 pm    Post subject: Handling Sensitive Information in Message Flows Reply with quote

Centurion

Joined: 10 Jan 2011
Posts: 124

Experts,

Please let me know the best way to handle sensitive information that is passing though message broker.
Back to top
View user's profile Send private message
skoobee
PostPosted: Tue Jul 12, 2011 11:02 pm    Post subject: Reply with quote

Acolyte

Joined: 26 Nov 2010
Posts: 52

Sensitively?
Back to top
View user's profile Send private message
akidase
PostPosted: Tue Jul 12, 2011 11:18 pm    Post subject: Reply with quote

Centurion

Joined: 10 Jan 2011
Posts: 124

I mean to say which includes Non Public Personal Information.
Back to top
View user's profile Send private message
lancelotlinc
PostPosted: Wed Jul 13, 2011 4:28 am    Post subject: Reply with quote

Jedi Knight

Joined: 22 Mar 2010
Posts: 4941
Location: Bloomington, IL USA

If you are dealing with HIPAA infos or Credit Card infos, they must be encrypted during transmission.
_________________
http://leanpub.com/IIB_Tips_and_Tricks
Save $20: Coupon Code: MQSERIES_READER
Back to top
View user's profile Send private message Send e-mail
Vitor
PostPosted: Wed Jul 13, 2011 5:04 am    Post subject: Re: Handling Sensitive Information in Message Flows Reply with quote

Grand High Poobah

Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA

akidase wrote:
Please let me know the best way to handle sensitive information that is passing though message broker.


Do you mean while it's passing through broker, or while it's being transmitted to/from broker? The latter isn't really broker's responsibility and relies on the encryption capability of the transport mechanism in use.

Whilst it's in-flight in broker, you'd do whatever you do with any application (Java, C, whatever) to ensure data security.
_________________
Honesty is the best policy.
Insanity is the best defence.
Back to top
View user's profile Send private message
lancelotlinc
PostPosted: Wed Jul 13, 2011 5:07 am    Post subject: Reply with quote

Jedi Knight

Joined: 22 Mar 2010
Posts: 4941
Location: Bloomington, IL USA

Sir Vitor, I think that configuration of flows is needful, don't you? For example, specifying HTTPS rather than HTTP on the SoapInput node. And the mqsichangeproperties for configuring the ports on a particular broker. What's your opinion?
_________________
http://leanpub.com/IIB_Tips_and_Tricks
Save $20: Coupon Code: MQSERIES_READER
Back to top
View user's profile Send private message Send e-mail
akidase
PostPosted: Wed Jul 13, 2011 5:15 am    Post subject: Reply with quote

Centurion

Joined: 10 Jan 2011
Posts: 124

Quote:
Do you mean while it's passing through broker,

Yes passing through broker.

Quote:
you'd do whatever you do with any application


Should this be handled at the application level
Or
Is it better to handle it using a common flow which takes the entire input and masks some elements based on xpaths stored in database. This makes it generic to all the interfaces.

Pls suggest ur thoughts on this. Thanks for responding.
Back to top
View user's profile Send private message
Vitor
PostPosted: Wed Jul 13, 2011 5:21 am    Post subject: Reply with quote

Grand High Poobah

Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA

lancelotlinc wrote:
Sir Vitor, I think that configuration of flows is needful, don't you?


No more than for any other flow. If you want security of data in flight, you need to design for HTTPS, file encryption, message encryption, etc, etc. The fact that you need to configure the flow to correctly receive the data is both true and redundant; you need to correctly configure the flow to receive anything.

And it seems the OP is more worried about data inside broker, rather than getting to or from it. So it's going to be a bit off configuring the flow to use HTTPS if the sending application is (stupidly) using HTTP.

So I don't see the point you're making about configuration.
_________________
Honesty is the best policy.
Insanity is the best defence.
Back to top
View user's profile Send private message
akidase
PostPosted: Wed Jul 13, 2011 5:25 am    Post subject: Reply with quote

Centurion

Joined: 10 Jan 2011
Posts: 124

Quote:
And it seems the OP is more worried about data inside broker, rather than getting to or from it.


Yes Vitor, you are right.
Back to top
View user's profile Send private message
Vitor
PostPosted: Wed Jul 13, 2011 5:26 am    Post subject: Reply with quote

Grand High Poobah

Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA

akidase wrote:
Pls suggest ur thoughts on this. Thanks for responding.


So you don't actually mean securing data inside broker, you mean securing data as it passes through broker and out to given interfaces?

This is a design question to which there is no right answer; only you know which interfaces need which data. If there's sensitive data that needs to be removed for all cases then yes, masking those elements with a generic flow makes sense. If an interface (or a future interface) needs that data you can't use that method.

It all depends.

Personally I'd secure the data in-flight and in the consuming applications, but I know that's not a view shared by all in here. And I'm not convinced they're wrong in all circumstances.
_________________
Honesty is the best policy.
Insanity is the best defence.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » WebSphere Message Broker (ACE) Support » Handling Sensitive Information in Message Flows
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
 
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.