| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| Login for MQ Explorer |
« View previous topic :: View next topic » |
| Author |
Message
|
| ramkris |
 Posted: Wed Oct 24, 2012 6:04 am Post subject: Login for MQ Explorer |
 |
|
Newbie
Joined: 24 Oct 2012
Posts: 2
|
I am Trying to provide a login for MQ Explorer, so that the unauthorised user cannot login to the explorer ...the Server Connection channel does not have the password,but the Client Connection Channel it asks for the password but the wrong password is also accepted.
Need some suggestions and help |
|
| Back to top |
|
 |
| exerk |
| Posted: Wed Oct 24, 2012 6:20 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
The password 'sent' down a client channel is only used by any security exits you may have applied to that channel; there are plenty of posts touching on that if you search the board.
In the SVRCONN, use an MCAUSER, SSL, SSLPEER, and a security exit if you feel brave enough to write one, or the freeware BlockIP2 exit, or one from one of the sponsors of this site.
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| mqjeff |
| Posted: Wed Oct 24, 2012 6:58 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
This is the big point.
If you secure MQExplorer, you've done nothing to secure the queue manager.
If you secure the queue manager, you've also magically secured MQ Explorer.
Just because I can't log into MQ Explorer doesn't mean I can't send PCF messages to do anything I want to the qmgrs. |
|
| Back to top |
|
|
| ramkris |
| Posted: Wed Oct 24, 2012 7:26 am Post subject: |
|
|
Newbie
Joined: 24 Oct 2012
Posts: 2
|
Yeah, I meant to say provide login password to the Queue Manager through the Explorer,
What are the channels takes the password in order to provide the security..
I am confused let me know best approach to achieve the it.
Thanks |
|
| Back to top |
|
|
| mqjeff |
| Posted: Wed Oct 24, 2012 7:33 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
MQ doesn't enforce passwords.
At all.
Stop thinking in terms of passwords.
Really!
Go back to the basics. Review *MQ* SECURITY. Learn how that works.
Again, review previous posts here on MCAUSER, SSL and SSLPEER.
Review the new options in v7.1 and later to SET CHLAUTH.
But stop thinking in terms of passwords! A password is only as secure as the piece of paper it's written down on. (to be fair, an SSL cert is only as secure as the thumbdrive it's saved to...) |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Wed Oct 24, 2012 8:01 am Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9469
Location: US: west coast, almost. Otherwise, enroute.
|
Authority to execute a program is granted/denied by the platform o/s.
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| Vitor |
| Posted: Wed Oct 24, 2012 8:10 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| ramkris wrote: |
| Yeah, I meant to say provide login password to the Queue Manager through the Explorer, |
You don't log onto a queue manager. You connect to it.
By default, the queue manager will only check the supplied user id.
You can take a number of additional actions to increase the level of security and checking the queue manager performs. Some include the user of a password, none of them are as simple as just passing the password to the queue manager.
| ramkris wrote: |
| I am confused let me know best approach to achieve the it. |
The best approach is to read, research and understand how WMQ provides security. It's not a simple topic, nor is it a single action.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
