WebSphere MQ v6.0 security exit help needed
skiv
Posted: Mon Jun 19, 2006 1:17 am    Post subject: WebSphere MQ v6.0 security exit help needed

Apprentice

Joined: 19 Jun 2006
Posts: 33

Hi

I would like to ask if there is any security exit code in C available for connecting clients to the server using a username and password. Is it possible to have all the security checks on the server side? Meaning that clients only need to send a username and password to the server, while the server verifies it.

Thanks in advance for any help
Mr Butcher
Posted: Mon Jun 19, 2006 2:53 am

Padawan

Joined: 23 May 2005
Posts: 1716

there are samples available, like SCSQC37S(CSQ4BCX3)

but you may want to check out BLOCKIP of writing your own

http://home19.inet.tele.dk/m-invent/index.htm?BlockIP.htm
_________________
Regards, Butcher
skiv
Posted: Mon Jun 19, 2006 4:34 pm

Apprentice

Joined: 19 Jun 2006
Posts: 33

Thanks for the advice... I went to look at BlockIP and, from what I understand, it allows or blocks certain IP addresses. Please correct me if I'm wrong.

My concept is that all clients can try to connect, but only those that send the correct username and password can connect. I'm not sure how I can change the code in BlockIP to suit my concept. Please advise on that.

Right now I have code that implements this, but with lots of problems. The first thing is that my client side also has a security exit besides my server side. What I want is actually for all exit code to be on the server side only.

Secondly, I can enable or disable the security function on my client side, so if I enable it, the whole thing works. It authenticates the username and password. However, if I disable it, it seems like I can just connect to the server with some default password and username, which come from I do not know where.

Sorry for the messy description, as I'm still very new to MQ. Thanks a lot for the help.
kevinf2349
Posted: Mon Jun 19, 2006 4:56 pm

Grand Master

Joined: 28 Feb 2003
Posts: 1311
Location: USA

There is no point in having an MQ Client if it can't connect.

Couldn't the client application check the userid and password and then (if it all authenticates) make the connection through the MQ Client?

BlockIP will help at the server end to make sure to keep out 'intruders'
skiv
Posted: Mon Jun 19, 2006 7:23 pm

Apprentice

Joined: 19 Jun 2006
Posts: 33

Oh... the purpose is actually to make the server robust. When all the checking is done on the server side, I can write any client and connect it to the server just by sending the right username and password.

In this way, it will be a lot more convenient, as any of the authorized ones can use the server with the clients they wrote as long as they know how to send the username and password to the server. They need not really know more about MQ.
skiv
Posted: Mon Jun 19, 2006 7:38 pm

Apprentice

Joined: 19 Jun 2006
Posts: 33

Sorry to add on: the idea is also to add to the security... because anyone can just write their own client and connect to the server, since the criteria needed to make the connection can all be easily checked out....

I know this is where BlockIP should come in, but if we don't know the intruder's IP beforehand we can't block them, right? And if we choose to only allow the IPs of authorized parties, every time we add a client we have to change the code to add a new IP... this makes it not really very robust...

Hope my understanding of BlockIP is not wrong....
Mr Butcher
Posted: Mon Jun 19, 2006 9:29 pm

Padawan

Joined: 23 May 2005
Posts: 1716

Why don't you read some more about BlockIP? It does much more than only blocking IP addresses.
_________________
Regards, Butcher
RogerLacroix
Posted: Mon Jun 19, 2006 9:33 pm

Jedi Knight

Joined: 15 May 2001
Posts: 3264
Location: London, ON Canada

skiv wrote:
My concept is that all clients can try to connect, but only those that send the correct username and password can connect. I'm not sure how I can change the code in BlockIP to suit my concept. Please advise on that.

BlockIP does NOT support UserId and password verification / authentication. It can match patterns against a UserId and / or IP address and / or SSL parameters, but this is not authentication.

<Vendor_Plug>

If you want a very robust / cross-platform MQ security solution that can do full client authentication then I suggest you have a look at MQ Authenticate User Security Exit.
http://www.capitalware.biz/mqausx_overview.html

</Vendor_Plug>

Hope that helps.

Regards,
Roger Lacroix
Capitalware Inc.
_________________
Capitalware: Transforming tomorrow into today.
Connected to MQ!
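
The distinction drawn in this thread, as an added example that is not part of any post and is not BlockIP or Capitalware code: matching a pattern against the user ID a client asserts is a filter, while authentication checks a secret on the server and refuses the connection when none is sent. All names here (`conn_request`, `filter_only`, `authenticate`, the credential table) are hypothetical, and the code models only the decision, not the MQ exit interface.

```c
#include <string.h>

/* Hypothetical model of a client connection request; not MQ structures. */
typedef struct {
    const char *user;     /* user ID asserted by the client */
    const char *password; /* NULL when the client sent no credentials */
} conn_request;

typedef enum { ALLOW, CLOSE_CHANNEL } decision;

/* Constructed table (assumption); a real exit would ask the OS or a directory. */
static const struct { const char *user, *password; } store[] = {
    { "appuser1", "s3cr3t-Example" },
};

/* Filter-style check: trailing-'*' pattern against the asserted user ID. */
static int userid_matches(const char *pattern, const char *user) {
    size_t n = strlen(pattern);
    if (n > 0 && pattern[n - 1] == '*')
        return strncmp(pattern, user, n - 1) == 0;
    return strcmp(pattern, user) == 0;
}

/* Compare two secrets without stopping at the first differing byte. */
static int same_secret(const char *a, const char *b) {
    size_t la = strlen(a), lb = strlen(b), i;
    unsigned char diff = (unsigned char)(la != lb);
    for (i = 0; i < la; i++)
        diff |= (unsigned char)(a[i] ^ b[i < lb ? i : 0]);
    return diff == 0;
}

/* Pattern filter alone: anyone who asserts a matching user ID gets in. */
decision filter_only(const conn_request *r) {
    return (r->user && userid_matches("appuser*", r->user)) ? ALLOW : CLOSE_CHANNEL;
}

/* Server-side authentication: fail closed when credentials are absent. */
decision authenticate(const conn_request *r) {
    size_t i;
    if (!r->user || !r->password || r->password[0] == '\0')
        return CLOSE_CHANNEL;   /* e.g. the client-side exit was disabled */
    for (i = 0; i < sizeof store / sizeof store[0]; i++)
        if (strcmp(store[i].user, r->user) == 0)
            return same_secret(r->password, store[i].password) ? ALLOW : CLOSE_CHANNEL;
    return CLOSE_CHANNEL;       /* unknown user */
}
```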