ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » User Exits » MQ Security Exit

Post new topic  Reply to topic
 MQ Security Exit « View previous topic :: View next topic » 
Author Message
muthum_2000
PostPosted: Thu Oct 08, 2009 11:15 pm    Post subject: MQ Security Exit Reply with quote

Voyager

Joined: 10 Jul 2006
Posts: 85
Guys

In a svrconn application channel, I just wanted to know if the SCYEXIT has (checkuser(checkuser)) and MCAUSER is ( ), SCYDATA is ( ), then the channel is secured or not?

If you say it is secured, how it is validating the data? i.e If someone from app team tries to connect to this channel, how he will be validated and allowed to connect to this channel?? In what way it is authenticating,is it against the oam permissions given to queuemanager for his functional id ?

A sample channel display details,

AMQ8414: Display Channel details.
CHANNEL(xxxxxxxxxxxxxxx) CHLTYPE(SVRCONN)
ALTDATE(xxxxxxxxxxx) ALTTIME(xxxxxxxxxxxx)
COMPHDR(NONE) COMPMSG(NONE)
DESCR(user connections) HBINT(300)
KAINT(AUTO) MAXMSGL(4194304)
MCAUSER( ) MONCHL(OFF)
RCVDATA( ) RCVEXIT( )
SCYDATA( ) SCYEXIT(CheckUser(CheckUser))
SENDDATA( ) SENDEXIT( )
SSLCAUTH(REQUIRED) SSLCIPH( )
SSLPEER( ) TRPTYPE(TCP)

Please advice.
Back to top
View user's profile Send private message
Mr Butcher
PostPosted: Thu Oct 08, 2009 11:42 pm    Post subject: Reply with quote

Padawan

Joined: 23 May 2005
Posts: 1716
checkuser(checkuser)) is not an ibm supplied exit, it is "self written". if you know what the exit is doing, then you know how or if your channel is secure or not.

you got almost the same answer to your question on listserv some days ago, why do you ask the same stuff here instead of following the advice to find out what the exit is doing?
_________________
Regards, Butcher
Back to top
View user's profile Send private message
crossland
PostPosted: Fri Oct 09, 2009 2:38 am    Post subject: Reply with quote

Master

Joined: 26 Jun 2001
Posts: 248
As you have MCAUSER blank, somebody who can get validated by the exit can specify to be whatever userid they want, including mqm.
Back to top
View user's profile Send private message
gbaddeley
PostPosted: Sun Oct 11, 2009 3:41 pm    Post subject: Reply with quote

Jedi Knight

Joined: 25 Mar 2003
Posts: 2538
Location: Melbourne, Australia
crossland wrote:
As you have MCAUSER blank, somebody who can get validated by the exit can specify to be whatever userid they want, including mqm.


If a security exit defined and you don't know what it does, you can't say anything about MCAUSER, what the client program can specify, or the effective userid that the client will run with. The security exit can override all these things.
_________________
Glenn
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » User Exits » MQ Security Exit
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
  
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.