| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
| MCA User ID |
« View previous topic :: View next topic » |
| Author |
Message
|
| zpat |
 Posted: Wed Mar 23, 2011 8:37 pm Post subject: |
 |
|
Jedi Council
Joined: 19 May 2001
Posts: 5866
Location: UK
|
| gbaddeley wrote: |
| phani_16 wrote: |
"Jeff: If you set MCAUSER to 'junk', then I can not use this channel to connect as any user other than 'junk', and will only and always have the permissions given to the user 'junk'. "
If this is the case,then i should get an error for the all other user ids set from the client applications for which i connect to this channel. |
No error is generated. If MCAUSER is set on the SVRCONN, any setting made by the client app is silently ignored.
Unless you also use a security exit &/orr SSL, do not design apps that require a MQ client userid to be set in the app. It is a major security risk because it is too easy to abuse and obtain full admin rights to the Queue Manager and access any queue. |
You can use the free exit BlockIP2 to overcome this. With appropriate settings it will allow the MCAUSER on the channel to be left as "junk", but allow the incoming MQ connection id to override this, whilst at the same time preventing the use of powerful admin ids for connections.
This is not as good as full SSL certificated access, but it's a lot better than blocking all access, or allowing all access. If you want an example of the parameters (for BlockIP2) that will do this, please ask. |
|
| Back to top |
|
 |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
