| Author |
Message
|
| oli |
 Posted: Tue Jun 09, 2015 10:58 pm Post subject: BlockIP2 vs. Channel Auth Records |
 |
|
Acolyte
Joined: 14 Jul 2006
Posts: 68
Location: Germany
|
Hi all,
with MQ 7 we were using BlockIP2 and used a configuration to allow access for specific user from specific IPs. I wonder if it's possible to use MQ 8's Channel Auth Records to do the same thing: Allow access from specific IPs only for specific users.
Can anybody answer this question?
Thanks, Oli |
|
| Back to top |
|
 |
| Skalli |
| Posted: Wed Jun 10, 2015 3:37 am Post subject: |
|
|
Newbie
Joined: 08 Jun 2015
Posts: 5
|
|
| Back to top |
|
|
| Vitor |
| Posted: Wed Jun 10, 2015 4:33 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
Or any of the links Morag (the author) has posted on this forum to her other materials. Which are universally excellent on this subject.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| oli |
| Posted: Wed Jun 10, 2015 9:10 am Post subject: |
|
|
Acolyte
Joined: 14 Jul 2006
Posts: 68
Location: Germany
|
But as far as I see the type ADDRESSMAP only takes into account the IP address from where the connection is initiated, not the IP address in combination with the provided user id. In BlockIP2 I can map an IP/user combination to an MCA user ...
Am I wrong? |
|
| Back to top |
|
|
| Vitor |
| Posted: Wed Jun 10, 2015 9:27 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| oli wrote: |
| In BlockIP2 I can map an IP/user combination to an MCA user ... |
And you can do the same with channel authority records. Maybe not a single record.....
Question - why would you test a user again an IP address? Is it not restrictive given that many users will be using dynamic IP addresses? What has led you to this choice over (for example) SSL?
I'm wondering if there's another way to achieve your requirement more simply.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Wed Jun 10, 2015 9:48 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20696
Location: LI,NY
|
| oli wrote: |
But as far as I see the type ADDRESSMAP only takes into account the IP address from where the connection is initiated, not the IP address in combination with the provided user id. In BlockIP2 I can map an IP/user combination to an MCA user ...
Am I wrong? |
In the usermap specify an IP or IP range. This should do it for you.
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| oli |
| Posted: Wed Jun 10, 2015 10:10 am Post subject: |
|
|
Acolyte
Joined: 14 Jul 2006
Posts: 68
Location: Germany
|
@Vitor
SSL is not really an option in our environment. The user/IP check is sufficient for us as it is not a production environment.
@fjb_saper
I will check this.
Thanks |
|
| Back to top |
|
|
| Vitor |
| Posted: Wed Jun 10, 2015 10:39 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| oli wrote: |
@Vitor
SSL is not really an option in our environment. The user/IP check is sufficient for us as it is not a production environment. |
SSL is easier if it's non-Prod; you can create your own CA....
...but whatever works for you....
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
|
|
