npvmq |
Posted: Tue Apr 20, 2004 1:28 pm Post subject: Originator IP address for inbound messages |
|
|
 Novice
Joined: 20 Feb 2004 Posts: 10 Location: US
|
Hi,
In my case, I have messages coming from a 3rd party queue manager on to our local queue. Before processing the message, I want to validate the originator IP address from our list of 3rd party IP addresses. We want to discard the message if the IP address does not belong to the list. I am not able to figure out how to get hold of the originator IP address for inbound messages.
Please let me know if it is possible or how.
Thx in advance.
-npvmq
jefflowrey |
Posted: Tue Apr 20, 2004 1:32 pm Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002 Posts: 19981
|
Actually, I don't think you want to validate the IP address on a message by message basis.
I think you want to make sure that the connections are validated.
SSL is one way to do this.
_________________
I am *not* the model of the modern major general.
npvmq |
Posted: Tue Apr 20, 2004 3:32 pm Post subject: |
|
|
 Novice
Joined: 20 Feb 2004 Posts: 10 Location: US
|
Jeff, as you said I can use SSL, but what if another 3rd party QMB (assuming QMA is the first 3rd party qmgr and both have SSL channel connections with us) tries to spoof as if it is sending messages as QMA?
Our objective is to prevent QMA spoofing as QMB and vice versa. Hence we thought if we had control of the originator IP address we could control the spoofing.
Thx
-npvmq
PeterPotkay |
Posted: Tue Apr 20, 2004 3:41 pm Post subject: |
|
|
 Poobah
Joined: 15 May 2001 Posts: 7722
|
An IP address can be spoofed also, so that's not really a 100% sure way of authenticating the other side.
SSL is better. QMA at third party #1 has one SSL certificate, QMB at third party #2 has a different one. That keeps each one from being able to impersonate the other, as long as you keep the certificates secure.
_________________
Peter Potkay
Keep Calm and MQ On
jefflowrey |
Posted: Tue Apr 20, 2004 5:47 pm Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002 Posts: 19981
|
Just to clarify a little (hopefully) what Peter is saying.
QMGRA talks to one channel using one certificate.
QMGRB talks to a different channel using a different certificate.
Even if QMGRB learns about QMGRA's channel, as long as he doesn't have the right certificate, he can't connect to it.
_________________
I am *not* the model of the modern major general.
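One way to set up the one-channel-per-partner, one-certificate-per-channel arrangement described in the replies above, as an added MQSC example that is not part of the original thread. The channel names, distinguished names and CipherSpec are assumptions; SSLCAUTH and SSLPEER are the channel attributes used here to require a client certificate and to pin each channel to one partner's certificate DN.

```mqsc
* Constructed example: channel names, DNs and the CipherSpec are assumptions.
* Without SSLPEER, a receiver channel accepts any certificate that the
* key repository trusts, so QMB could connect to the channel meant for QMA.

* Channel reserved for third party #1 (QMA): only its certificate DN matches.
DEFINE CHANNEL('QMA.TO.LOCAL') CHLTYPE(RCVR) TRPTYPE(TCP) +
       SSLCIPH(TLS_RSA_WITH_AES_256_CBC_SHA256) +
       SSLCAUTH(REQUIRED) +
       SSLPEER('CN=QMA,O=ThirdPartyOne') +
       REPLACE

* Channel reserved for third party #2 (QMB): a different certificate DN.
DEFINE CHANNEL('QMB.TO.LOCAL') CHLTYPE(RCVR) TRPTYPE(TCP) +
       SSLCIPH(TLS_RSA_WITH_AES_256_CBC_SHA256) +
       SSLCAUTH(REQUIRED) +
       SSLPEER('CN=QMB,O=ThirdPartyTwo') +
       REPLACE

* Confirm the settings on each channel definition.
DISPLAY CHANNEL('QMA.TO.LOCAL') SSLCIPH SSLCAUTH SSLPEER
DISPLAY CHANNEL('QMB.TO.LOCAL') SSLCIPH SSLCAUTH SSLPEER

* On a running channel, show the DN of the certificate the partner presented.
DISPLAY CHSTATUS('QMA.TO.LOCAL') SSLPEER
DISPLAY CHSTATUS('QMB.TO.LOCAL') SSLPEER
```

With this in place, a connection to QMA.TO.LOCAL that presents QMB's certificate fails the SSLPEER match and the channel does not start, regardless of the source IP address.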