| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| Restricting Access to Cluster Queues from remote systems |
« View previous topic :: View next topic » |
| Author |
Message
|
| kylewatson |
 Posted: Fri Apr 11, 2003 12:58 pm Post subject: Restricting Access to Cluster Queues from remote systems |
 |
|
Newbie
Joined: 11 Apr 2003
Posts: 1
|
Hi. Has anyone considered a security forum here? It seems like a good idea to me 
I'm wondering if anyone out there has tested this:
I have a BEA WebLogic Server with JMS. We're using an MQ Clustered infrastructure. Is there a way to authorize access from the Process User ID level on a remote system's Queue manager that connects to a cluster queue - without using channel exits? Can I use Identity Context/UserIdentifier for this?
Basically - if I setmqaut on the cluster queue, and I send the UserIdentifier from the sending system, will the target server's OAM in the custer queue manager authorize me based on the UserIdentifier?
If this is even possible, does it still work when initiating from a JMS environment?
Thanks. |
|
| Back to top |
|
 |
| oz1ccg |
| Posted: Mon Apr 14, 2003 1:00 pm Post subject: |
|
|
Yatiri
Joined: 10 Feb 2002
Posts: 628
Location: Denmark
|
First I think it might be a good idea with a security forum, but mostly it's a also install/configuration but on the other hand I think it should stay here.
On especially JMS security I'm currently not updated regarding to penetration test/assults. But for a common MQI application it's possible to set any variable in the MQMD if the security is poor configured, or it's possible for somebody with bad intensions... Next issue here is are you allowing everybody on your LAN to join ? (If you have one user which is local adm, and have a qmgr, he can create a local account on his machine and act as you on the MQ-infrastructure...  I DID IT MYSELF within 5 minutes to proof it.
You are saying you're using a MQ clustered configuration, how do you protect your cluster from intruders: SSL or security exit ? Because your full-repository are polight and answers any joining qmgr, that want to join your cluster 
There are a pretty good manual and some redbooks/redpieces explaining how to understand and configure the security in WebSphere MQ available from IBM.
I have created a small note on this topic on my homepage:
http://d1o111.dk.telia.net/~u149101068/Cluster_security1.htm
It's my intension to add link to the IBM security papers and manual references in the future.
NEW: Links to the security manual and a redpiece describing security was added.
Just my $0.02 
_________________
Regards, Jørgen
Home of BlockIP2, the last free MQ Security exit ver. 3.00
Cert. on WMQ, WBIMB, SWIFT. |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
