ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » WebSphere Message Broker (ACE) Support » WMB Sercurity identities - Best Practice

Post new topic  Reply to topic
 WMB Sercurity identities - Best Practice « View previous topic :: View next topic » 
Author Message
tekt9
PostPosted: Wed Mar 13, 2013 4:39 am    Post subject: WMB Sercurity identities - Best Practice Reply with quote

Novice

Joined: 13 Aug 2012
Posts: 15
Hi

I recently created a flow wherein I used an FileOutPutNode to write data to a FTP-server.

The flow had to login to the server so I created a security identity with the user and pass. In the future we might have several security identities.

How does one keep track of all the security identities that have been created. I haven't been able to find a command which lists them(not the username or password, just the name of the identity). How does one keep track of the security identities that has been created (I do not want to write them down in a textfile).
Back to top
View user's profile Send private message
McueMart
PostPosted: Wed Mar 13, 2013 5:30 am    Post subject: Reply with quote

Chevalier

Joined: 29 Nov 2011
Posts: 490
Location: UK...somewhere
Im not sure there is a command which lists them! This is probably a good opportunity for an RFE... http://www.ibm.com/developerworks/rfe/?PROD_ID=532


Note that if you go digging (and its clearly not a supported method!), you can find your security identities in the broker registry (on a path like:
C:\ProgramData\Application Data\IBM\MQSI\registry\MB8BROKER\CurrentVersion\DSN).
Back to top
View user's profile Send private message
zpat
PostPosted: Wed Mar 13, 2013 6:21 am    Post subject: Reply with quote

Jedi Council

Joined: 19 May 2001
Posts: 5866
Location: UK
Better to use SFTP and set up SSH keys for the broker to use.

Use of FTP and clear text passwords is both highly insecure and liable to break when the password expires or someone changes it.

Also very good practice to define WMB FTP Server configurable service definitions (which includes SFTP), to externalise the details of where it is connecting to away from the message flow.

So, two things for you to work on - Using SFTP with keys and using WMB FTP configurable service definitions.
Back to top
View user's profile Send private message
McueMart
PostPosted: Wed Mar 13, 2013 7:10 am    Post subject: Reply with quote

Chevalier

Joined: 29 Nov 2011
Posts: 490
Location: UK...somewhere
Agree with what zpat said - although note that if you modify any security identities, the EG will need to be restarted to pick up new credentials!

Shameless plug of RFE to create command so this isnt necessary : http://www.ibm.com/developerworks/rfe/execute?use_case=viewRfe&CR_ID=25791
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » WebSphere Message Broker (ACE) Support » WMB Sercurity identities - Best Practice
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
  
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.