| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| Channel Security Exit |
« View previous topic :: View next topic » |
| Author |
Message
|
| amar |
 Posted: Thu Sep 05, 2002 3:05 am Post subject: Channel Security Exit |
 |
|
Apprentice
Joined: 27 Jun 2002
Posts: 45
|
Hi,
We are using MQ5.2 & MQSI 2.1.
Our Application needs to encrypt the messages(for Security reasons),
I looked IBMRedBook MQSeries Security,but it is specifically mentioned only C langulage details of Security Channel Exits,but our client is JAVA, For that any exmples..
can any one help me
amar |
|
| Back to top |
|
 |
| Bill57 |
| Posted: Thu Sep 05, 2002 9:30 am Post subject: Channel Security exits |
|
|
Apprentice
Joined: 26 Jul 2002
Posts: 35
Location: Atlanta, GA
|
My understanding is Server side channel security exits need to be in C, but I am not clear on the client side.
But, if it is encryption you want to do, you cannot do that whit the security exit facility. This is because the Security Exit is called before any data is tranfered across the cannel. Security Exits are th AUTHENTICATE that the two MCA are really who they claim to be, and not an intruder. The "out of the box" security exit MQSeries provides for this uses the DCE security API to do this. Of course that means you have to configure DCE on your platform to use it!  To encrypt the actual data, you need to use the Message Exit.
Cheers
Bill
_________________
Bill Anderson
MQSeries Developer |
|
| Back to top |
|
|
| amar |
| Posted: Fri Sep 06, 2002 12:55 am Post subject: |
|
|
Apprentice
Joined: 27 Jun 2002
Posts: 45
|
Hi Bill
Thanks for your replay,But how to implement DCE API to my programs and also Configuration? i am using JAVA API classes for my application.
Can u give some more detail...
amar |
|
| Back to top |
|
|
| Bill57 |
| Posted: Tue Sep 10, 2002 4:51 am Post subject: |
|
|
Apprentice
Joined: 26 Jul 2002
Posts: 35
Location: Atlanta, GA
|
I have never set up a DCE environment so, I can't be of much help there. Take a look at the Intercommunication manualchapter 35 for details on how DCE works.
Also, in the sample programs folder in your MQSeries directory structure, you will find a file called amqsdsc0.c it the DCE security API calls in it. And keep in mind, I have heard the server side channel exit MUST be written in C. I am not completely sure that is true, and I don't know why, but you should look into that. It may have to do with speed, but because a Security exit is not called often, I doubt thats it.
And one more thing. You dont have to use DCE for your exit. You could, for example, simply have the two exits exchange a user Id and password combination to authenticate the channels. Now, thats not as secure as certificats, or tolkens, but it's better than nothing.
Good Luck
Bill
_________________
Bill Anderson
MQSeries Developer |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
