ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » IBM MQ Installation/Configuration Support » MQ Security configuration related to user identifier

Post new topic  Reply to topic
 MQ Security configuration related to user identifier « View previous topic :: View next topic » 
Author Message
nancyk
PostPosted: Thu Feb 27, 2003 7:47 pm    Post subject: MQ Security configuration related to user identifier Reply with quote

Newbie

Joined: 12 Feb 2003
Posts: 7
We are just getting started with JMS and are trying to get an understanding of security. We ran a JMS application under Websphere 4.0 on AIX and accessed a local queue manager on the same box. The JMS app successfully put to a queue but but we are confused as to why it ran with the mqm useridentifier. We expected this app to get a 2035 since we had not set up the proper security. Any ideas?

Nancy
Back to top
View user's profile Send private message
vennela
PostPosted: Fri Feb 28, 2003 7:39 am    Post subject: Reply with quote

Jedi Knight

Joined: 11 Aug 2002
Posts: 4055
Location: Hyderabad, India
That's right.
user "mqm" has complete authority on all MQ objects. So your app shouldn't fail.
Back to top
View user's profile Send private message Send e-mail Visit poster's website
vmcgloin
PostPosted: Fri Feb 28, 2003 8:31 am    Post subject: Reply with quote

Knight

Joined: 04 Apr 2002
Posts: 560
Location: Scotland
Are you using a client connection? Is the mcauser field for the SVRCONN channel blank, or 'mqm'?

Vicky
Back to top
View user's profile Send private message
nancyk
PostPosted: Fri Feb 28, 2003 5:55 pm    Post subject: Reply with quote

Newbie

Joined: 12 Feb 2003
Posts: 7
Yes, we are using mqseries client connection and the mcauser field for the SVRCONN channel is blank. Our Websphere application server runs under userId webapp1. All message generating programs are deployed on this server. I was hoping to see the userIdentifier property of the message as webapp1. Why do I see mqm as the userIdentifer ? Isn't it a security loophole in mqseries?

Please enlighten me.[/i]
Back to top
View user's profile Send private message
kolban
PostPosted: Fri Feb 28, 2003 9:54 pm    Post subject: Reply with quote

Grand Master

Joined: 22 May 2001
Posts: 1072
Location: Fort Worth, TX, USA
In a JMS application, when you create the QueueConnection by calling the QueueConnectionFactory createQueueConnection() method, you have the option of specifying a userid and password pair. If you do not specify either, then the userid used will be the userid specified in the MCAUSER attribute of the SVRCONN channel definition. If none is specified there, then the userid used will be that running the Listener demon (mqm).

Note that any password specified in the createQueueConnection() method is not authenticated by the IBM's MQ JMS implementation without you implementing your own security exits.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » IBM MQ Installation/Configuration Support » MQ Security configuration related to user identifier
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
  
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.