| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| How to enforce AMS from client perspective |
« View previous topic :: View next topic » |
| Author |
Message
|
| marc.CH |
 Posted: Fri Feb 14, 2025 1:04 am Post subject: How to enforce AMS from client perspective |
 |
|
Newbie
Joined: 23 Apr 2024
Posts: 8
Location: Geneva,CH
|
The aim of AMS is to avoid MQ administrators to have access of the message content.
But AMS is activated at MQ server side for each required queue.
At MQ client side, I have no clue if AMS is really activated or not.
Therefore, once everyting is up and running with AMS, a malicious admin my just remove the security policies and get access to the message content.
Questions :
How to enforce AMS or check that AMS is still active from mq client ?
How to restrict access to the command line setmqspl / runmqsc SET POLICY ?
Thanks for you help |
|
| Back to top |
|
 |
| fjb_saper |
| Posted: Sat Feb 15, 2025 4:18 pm Post subject: Re: How to enforce AMS from client perspective |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
| marc.CH wrote: |
The aim of AMS is to avoid MQ administrators to have access of the message content.
But AMS is activated at MQ server side for each required queue.
At MQ client side, I have no clue if AMS is really activated or not.
Therefore, once everyting is up and running with AMS, a malicious admin my just remove the security policies and get access to the message content.
Questions :
How to enforce AMS or check that AMS is still active from mq client ?
How to restrict access to the command line setmqspl / runmqsc SET POLICY ?
Thanks for you help |
Hi Mark,
How do you trust your OS admins that they are doing the right thing?
The same way in MQ you can turn on the change control and have any before and after image of an object sent to a queue. You can then have that queue's messages processed by the auditors... but then again an admin could well turn that off...
You just have to have a minimum of trust and faith... 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| marc.CH |
| Posted: Tue Feb 18, 2025 5:33 am Post subject: |
|
|
Newbie
Joined: 23 Apr 2024
Posts: 8
Location: Geneva,CH
|
|
| Back to top |
|
|
| bruce2359 |
| Posted: Tue Feb 18, 2025 8:51 am Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9469
Location: US: west coast, almost. Otherwise, enroute.
|
I don't find your idea https://ideas.ibm.com/
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| marc.CH |
| Posted: Tue Feb 18, 2025 8:56 am Post subject: |
|
|
Newbie
Joined: 23 Apr 2024
Posts: 8
Location: Geneva,CH
|
|
| Back to top |
|
|
| bruce2359 |
| Posted: Tue Feb 18, 2025 11:07 am Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9469
Location: US: west coast, almost. Otherwise, enroute.
|
Yep. Usual and expected reply from IBM - we'll look into this for a future release.
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
