| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| MQ Security |
« View previous topic :: View next topic » |
| Author |
Message
|
| pmane |
 Posted: Tue Oct 30, 2001 10:57 pm Post subject: |
 |
|
Acolyte
Joined: 17 Oct 2001
Posts: 50
|
1. I am working on MQ 5.2 for Solaris. I understand that MQ dose not provide any security on its own . I will need a DCE 3.1 for doing same. DCE provides authentication for the MQ users . Dose any one know any thing else other than DCE which can provide me with server to server authentication with out using DCE ?
2. Can I download DCE 3.1 for Solaris ? Where is the link for the same ?
3. Is MQ secure enough to be used in financial applications ?
4. Which encryption algos are used by the user exists supplied with DCE ? If I want to write my own user exist in Java in binding mode can I do that ?
|
|
| Back to top |
|
 |
| middlewareonline |
| Posted: Wed Oct 31, 2001 9:09 am Post subject: |
|
|
Acolyte
Joined: 09 Jul 2001
Posts: 73
|
1. I am working on MQ 5.2 for Solaris. I understand that MQ dose not provide any security on its own . I will need a DCE 3.1 for doing same. DCE provides authentication for the MQ users . Dose any one know any thing else other than DCE which can provide me with server to server authentication with out using DCE ?
You could write your own stuff in Security Exits.
2. Can I download DCE 3.1 for Solaris ? Where is the link for the same ?
You may have to buy it. It is NOT free.
3. Is MQ secure enough to be used in financial applications ?
Depends what the requirements are. Not all the Financial institutions are alike.
4. Which encryption algos are used by the user exists supplied with DCE ? If I want to write my own user exist in Java in binding mode can I do that ?
Yes you can. Buy RSA kit to do whatever others are doing on your own. Or I can do it for you .....
Chris
MiddlewareOnline.COM |
|
| Back to top |
|
|
| pmane |
| Posted: Wed Oct 31, 2001 6:38 pm Post subject: |
|
|
Acolyte
Joined: 17 Oct 2001
Posts: 50
|
Thanks for your reply. But can you please make few more things clear .
1.Security exits are for encryption . I want something for user authentication. And I would like it to be more secure than simple static password verification. Can I make use of digital certificates to identify the server ?What I understand is DCE is some thing close to what I want but am not sure if any other product exists ?
2.I understand that DCE 3.1 will cost me some thing , but what I do not understand is can I get a trail download on IBM web-site ? I have searched for it and I am not able to get one . All I get is Fix’s for the same.
3.My financial application is doing funds transfer via MQ messages on internet (with Ipsec) . My only worry is any one can request the funds transfer if he is having valid information of the system.
4.I understand that I can use RSA BSAFE Crypto J , what I am not clear is how much DCE will do ? I need 3DES or RC4 128 bits . I am not getting any documentation which mentions that this is possible with DCE.
|
|
| Back to top |
|
|
| kolban |
| Posted: Wed Oct 31, 2001 7:00 pm Post subject: |
|
|
Grand Master
Joined: 22 May 2001
Posts: 1072
Location: Fort Worth, TX, USA
|
You said:
1.Security exits are for encryption . I want something for user authentication. And I would like it to be more secure than simple static password verification. Can I make use of digital certificates to identify the server ?What I understand is DCE is some thing close to what I want but am not sure if any other product exists ?
The security exits can be used in many, many ways. This includes full function authorization using an exchange of information between the requestor and the receiver. Security exits are rarely used for encryption, almost always for authentication services.
For example, an incoming channel connect request arrives, this could trigger the receivers security exit which asks the requestor for more information which it supplies ... this can go back and forth until both parties have mutually authenticated themselves to each other. |
|
| Back to top |
|
|
| middlewareonline |
| Posted: Thu Nov 01, 2001 11:04 am Post subject: |
|
|
Acolyte
Joined: 09 Jul 2001
Posts: 73
|
1. Kolban has answered that
2. You should ask IBM to give you a freebee ( I doubt, but again it's IBM)
3. If your application is doing fund transfer over the internet, I think you are looking for more than DCE. You are looking for Certificates, Cookies, Https Tunneling ( DCE won't give you this).
4. As I said, RSA provides 128 bit all sort of cool encryption including digital certificates.
MiddlewareOnline.COM |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
