ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » WebSphere Message Broker (ACE) Support » secure control center connection

Post new topic  Reply to topic
 secure control center connection « View previous topic :: View next topic » 
Author Message
lewisleung
PostPosted: Thu Mar 14, 2002 11:21 pm    Post subject: Reply with quote

Novice

Joined: 05 Mar 2002
Posts: 14
Location: Hong Kong
I would like to ensure that only authorized person can use CC to connect configure manager. WMQI doc said we can use security exit. So, I plan following :

1. Change MCAUser of SYSTEM.BKR.CONFIG to a user not authorize to use MQ resources.
2. Client security send logon user id to server security exit
3. Server security exit assign MCAUserIdentifier of MQCD to logon user id. such that only that person can access MQ resources in configure manager.

The security seems depend on whether client has installed the client exit but not the user because anyone can easily set this id. So, is it a workable solution ?

Thanks
Lewis
Back to top
View user's profile Send private message
mpuetz
PostPosted: Sat Mar 16, 2002 3:16 pm    Post subject: Reply with quote

Centurion

Joined: 05 Jul 2001
Posts: 149
Location: IBM/Central WebSphere Services
Hi,

if your client security exit only sends the logon userid
that won't help you much, since that is actually what
the standard client is doing without any security exits
installed. What your exit really needs to do is a real
authentication of your user, e.g. supply a logon is
and a password, so that the server security exit can actually
validate your user is really who he claims to be. Otherwise
someone else may simply set up a local account with any
userid and there you go. You could define a secret handshake
in your exits, so that nobody without access to the source code
of the exits can attach to your client channel. But then,
code can by reverse engineered and then anyone can break in
again. Thus the exchange of some secret key is the only
way to make it really secure.


_________________
Mathias Puetz

IBM/Central WebSphere Services
WebSphere Business Integration Specialist
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » WebSphere Message Broker (ACE) Support » secure control center connection
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
  
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.