| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| WMQ Client Security authentiction |
« View previous topic :: View next topic » |
| Author |
Message
|
| prince_mq |
 Posted: Thu Jun 14, 2007 2:19 am Post subject: WMQ Client Security authentiction |
 |
|
Voyager
Joined: 10 Aug 2006
Posts: 76
|
Hi,
What is the best approch for authenticating a WMQ client user on Server side? Is it using OAM or Security Exit or SSL ??
Also, we have generic userID which will be shared accross different application sites, when a application sites connects to a qmgr, Is it possible to restict the access on a queue to that particular application site, it shouldn't able to access other queues with same userID ? |
|
| Back to top |
|
 |
| Vitor |
| Posted: Thu Jun 14, 2007 2:22 am Post subject: Re: WMQ Client Security authentiction |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| prince_mq wrote: |
| What is the best approch for authenticating a WMQ client user on Server side? Is it using OAM or Security Exit or SSL ?? |
Search the forum. The pros and cons of the various methods have been discussed many times.
| prince_mq wrote: |
Also, we have generic userID which will be shared accross different application sites, when a application sites connects to a qmgr, Is it possible to restict the access on a queue to that particular application site, it shouldn't able to access other queues with same userID ? |
The OAM can be used to restrict a given (generic) user id to only access specific queues.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| RogerLacroix |
| Posted: Thu Jun 14, 2007 9:39 am Post subject: Re: WMQ Client Security authentiction |
|
|
Jedi Knight
Joined: 15 May 2001
Posts: 3264
Location: London, ON Canada
|
| prince_mq wrote: |
| What is the best approch for authenticating a WMQ client user on Server side? Is it using OAM or Security Exit or SSL ?? |
OAM does only Access Control List (ACL). It does not do authentication.
| prince_mq wrote: |
| Also, we have generic userID which will be shared accross different application sites, when a application sites connects to a qmgr, |
Bad, very bad design. Each application should be using their own UserId. Think of how you setup your database - do all application accessing the DB use the same UserId? I think not.
| prince_mq wrote: |
| Is it possible to restict the access on a queue to that particular application site, it shouldn't able to access other queues with same userID ? |
What?!?  SSL or a security exit can't read minds.
Look at it this way: You tell everyone in the world to wear blue plants. Next you tell the bouncer / doorman at a night club to allow in ONLY people with blue pants. So everyone gets in and parties!!!  Hence, there is no point to bouncer / doorman - hence, no security.
SSL is a good node-to-node security method ONLY if the nodes are completely locked down.
If you want proper end-to-end security for MQ then you have 3 choices:
1. Capitalware's MQ Authenticate User Security Exit
2. IBM's WebSphere MQ Extended Security Edition V6
3. Primeur's Data Secure for WebSphere MQ
Regards,
Roger Lacroix
Capitalware Inc.
_________________
Capitalware: Transforming tomorrow into today.
Connected to MQ!
Twitter |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
