Author |
Message
|
akidase |
Posted: Tue Jul 12, 2011 10:46 pm Post subject: Handling Sensitive Information in Message Flows |
|
|
Centurion
Joined: 10 Jan 2011 Posts: 124
|
Experts,
Please let me know the best way to handle sensitive information that is passing through message broker. |
skoobee |
Posted: Tue Jul 12, 2011 11:02 pm Post subject: |
|
|
Acolyte
Joined: 26 Nov 2010 Posts: 52
|
akidase |
Posted: Tue Jul 12, 2011 11:18 pm Post subject: |
|
|
Centurion
Joined: 10 Jan 2011 Posts: 124
|
I mean to say which includes Non Public Personal Information. |
lancelotlinc |
Posted: Wed Jul 13, 2011 4:28 am Post subject: |
|
|
 Jedi Knight
Joined: 22 Mar 2010 Posts: 4941 Location: Bloomington, IL USA
|
If you are dealing with HIPAA infos or Credit Card infos, they must be encrypted during transmission. |
Vitor |
Posted: Wed Jul 13, 2011 5:04 am Post subject: Re: Handling Sensitive Information in Message Flows |
|
|
 Grand High Poobah
Joined: 11 Nov 2005 Posts: 26093 Location: Texas, USA
|
akidase wrote: |
Please let me know the best way to handle sensitive information that is passing through message broker. |
Do you mean while it's passing through broker, or while it's being transmitted to/from broker? The latter isn't really broker's responsibility and relies on the encryption capability of the transport mechanism in use.
Whilst it's in-flight in broker, you'd do whatever you do with any application (Java, C, whatever) to ensure data security. _________________ Honesty is the best policy.
Insanity is the best defence. |
lancelotlinc |
Posted: Wed Jul 13, 2011 5:07 am Post subject: |
|
|
 Jedi Knight
Joined: 22 Mar 2010 Posts: 4941 Location: Bloomington, IL USA
|
Sir Vitor, I think that configuration of flows is needful, don't you? For example, specifying HTTPS rather than HTTP on the SoapInput node. And the mqsichangeproperties for configuring the ports on a particular broker. What's your opinion? |
akidase |
Posted: Wed Jul 13, 2011 5:15 am Post subject: |
|
|
Centurion
Joined: 10 Jan 2011 Posts: 124
|
Quote: |
Do you mean while it's passing through broker, |
Yes, passing through broker.
Quote: |
you'd do whatever you do with any application |
Should this be handled at the application level
Or
Is it better to handle it using a common flow which takes the entire input and masks some elements based on xpaths stored in database. This makes it generic to all the interfaces.
Please suggest your thoughts on this. Thanks for responding. |
Vitor |
Posted: Wed Jul 13, 2011 5:21 am Post subject: |
|
|
 Grand High Poobah
Joined: 11 Nov 2005 Posts: 26093 Location: Texas, USA
|
lancelotlinc wrote: |
Sir Vitor, I think that configuration of flows is needful, don't you? |
No more than for any other flow. If you want security of data in flight, you need to design for HTTPS, file encryption, message encryption, etc, etc. The fact that you need to configure the flow to correctly receive the data is both true and redundant; you need to correctly configure the flow to receive anything.
And it seems the OP is more worried about data inside broker, rather than getting to or from it. So it's going to be a bit off configuring the flow to use HTTPS if the sending application is (stupidly) using HTTP.
So I don't see the point you're making about configuration. |
akidase |
Posted: Wed Jul 13, 2011 5:25 am Post subject: |
|
|
Centurion
Joined: 10 Jan 2011 Posts: 124
|
Quote: |
And it seems the OP is more worried about data inside broker, rather than getting to or from it. |
Yes Vitor, you are right. |
Vitor |
Posted: Wed Jul 13, 2011 5:26 am Post subject: |
|
|
 Grand High Poobah
Joined: 11 Nov 2005 Posts: 26093 Location: Texas, USA
|
akidase wrote: |
Please suggest your thoughts on this. Thanks for responding. |
So you don't actually mean securing data inside broker, you mean securing data as it passes through broker and out to given interfaces?
This is a design question to which there is no right answer; only you know which interfaces need which data. If there's sensitive data that needs to be removed for all cases then yes, masking those elements with a generic flow makes sense. If an interface (or a future interface) needs that data you can't use that method.
It all depends.
Personally I'd secure the data in-flight and in the consuming applications, but I know that's not a view shared by all in here. And I'm not convinced they're wrong in all circumstances. |
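The generic masking flow proposed in the thread, together with the caveat that some interfaces may still need the data, sketched as an added example (not code from any poster, and written in Python rather than broker ESQL or Java). Rules are stored per interface, and XPaths that match nothing are reported so a schema change does not silently leave data unmasked. The table layout, the interface names `BILLING` and `REPORTING`, and the sample message are assumptions constructed for illustration.

```python
import sqlite3
import xml.etree.ElementTree as ET

# Constructed rule store standing in for the database table of XPaths.
# Interface '*' means the rule applies to every outbound interface.
RULES = [
    ("*", ".//Card/Number"),
    ("*", ".//Customer/SSN"),
    ("REPORTING", ".//Customer/DateOfBirth"),  # hypothetical interface name
]

# Constructed sample message.
SAMPLE = """<Order>
  <Customer><Name>A. Example</Name><SSN>000-00-0000</SSN>
    <DateOfBirth>1970-01-01</DateOfBirth></Customer>
  <Card><Number>4111111111111111</Number><Expiry>12/30</Expiry></Card>
</Order>"""


def open_rule_db(rules=RULES):
    """Create an in-memory table of (interface, xpath) masking rules."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE mask_rule (interface TEXT, xpath TEXT)")
    db.executemany("INSERT INTO mask_rule VALUES (?, ?)", rules)
    return db


def mask_for_interface(db, interface, xml_text, mask="****"):
    """Return (masked_xml, unmatched_xpaths) for one outbound interface."""
    # ElementTree supports only a subset of XPath and is not hardened
    # against hostile XML; use a hardened parser for untrusted input.
    root = ET.fromstring(xml_text)
    rows = db.execute(
        "SELECT xpath FROM mask_rule WHERE interface IN ('*', ?) ORDER BY xpath",
        (interface,),
    ).fetchall()
    unmatched = []
    for (xpath,) in rows:
        hits = root.findall(xpath)
        if not hits:
            unmatched.append(xpath)  # rule drift: schema changed or rule typo
        for el in hits:
            el.text = mask
            for child in list(el):  # drop nested content as well
                el.remove(child)
    return ET.tostring(root, encoding="unicode"), unmatched
```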