ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » General IBM MQ Support » MQSeries OAM security - authorithy to XMITQ

Post new topic  Reply to topic
 MQSeries OAM security - authorithy to XMITQ « View previous topic :: View next topic » 
Author Message
mehedi
PostPosted: Thu Apr 21, 2005 1:07 pm    Post subject: MQSeries OAM security - authorithy to XMITQ Reply with quote

Centurion

Joined: 11 Nov 2001
Posts: 102
Location: PSTech
Hi

If a user(A) has authorithy to put message to an XMITQ (on QM QMX) ,
can this user create a message with the appropriate 'Transmission Header'
and route messages to the queues on destination queue manager(QMY).

Even though this user(A) is not authorized for these actions on the
remote queue defintion on queue manager(QMX).

Thanks

Mehedi
Back to top
View user's profile Send private message MSN Messenger
csmith28
PostPosted: Thu Apr 21, 2005 2:00 pm    Post subject: Reply with quote

Grand Master

Joined: 15 Jul 2003
Posts: 1196
Location: Arizona
Yes but, except under very limited circumstances no user or application should be putting messages directly to an XMITQ and the user would have to be using some sort of code to generate the MQMessageDescriptor. For example they wouldn't be able to use the amqsput or amqsputc sample scripts.

Messages destined for remote MQManagers should generally be addressed to a QRemote Definition.
_________________
Yes, I am an agent of Satan but my duties are largely ceremonial.
Back to top
View user's profile Send private message
RogerLacroix
PostPosted: Thu Apr 21, 2005 2:08 pm    Post subject: Reply with quote

Jedi Knight

Joined: 15 May 2001
Posts: 3264
Location: London, ON Canada
Yes. If the user is smart enough to create a message with the transmission header and they have permission to put directly to the XMITQ then the message will travel to the other queue manager.

Users / applications should not be allowed to directly put a message to a XMITQ. Huge security hole if they are allowed.

Applications should either put to a remote queue or to a 'remote queue manager & remote queue name'. Therefore, you can apply the appropriate privileges to the remote queue or qmgr alias.

Regards,
Roger Lacroix
_________________
Capitalware: Transforming tomorrow into today.
Connected to MQ!
Twitter
Back to top
View user's profile Send private message Visit poster's website
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » General IBM MQ Support » MQSeries OAM security - authorithy to XMITQ
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
  
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.