ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » IBM MQ Java / JMS » Secure connetion to QMGR

Post new topic  Reply to topic
 Secure connetion to QMGR « View previous topic :: View next topic » 
Author Message
rajmq
PostPosted: Fri Jul 25, 2003 11:15 pm    Post subject: Secure connetion to QMGR Reply with quote

Partisan

Joined: 29 Sep 2002
Posts: 331
Location: USA
Hi

1.My application Connecting the Qmgr using Jave API.But i feeling this setup is insecure,be'z anybody can connect to using the program.
Any other way is to control one particular userid to access the QMGR and Qmgrs objects.

Any Suggesstions.....

regards
raj
Back to top
View user's profile Send private message
sfari
PostPosted: Mon Jul 28, 2003 5:26 am    Post subject: Reply with quote

Centurion

Joined: 15 Apr 2003
Posts: 144
Hi Raj

A client application connecting to a queue manager can set its userid by himself. So anybody could connect with a userid which belongs to group mqm and then be able to put (and get from) on every queue on the qmgr.

A way to avoid this problem without implementing your own exits is to use MQ SSL (MQ 5.3) and to have only secure channels.

You can then set each (SVRCONN-) Channel to accept only a specific certificate (or a a specific group of certs). So you ensured that only the owners of specific certificates can connect to the queue manager. With setting MCAUID on the channel the userid will be switched as soon as the client could successfully connect to the channel.

With this combination of settings you can assign a specific uid to a specific certificate. Now set the authorizations on the queue in order the specified uid can do what it needs. (This uid should have an own group, because authorizations are always set for the whole group.)

The same combinations of certs, uids, channels and queues you can set up for other client applications, without having the danger that they can use queues which they shouldn't.

Regards
Silvano
Back to top
View user's profile Send private message
rajmq
PostPosted: Mon Jul 28, 2003 10:05 pm    Post subject: Reply with quote

Partisan

Joined: 29 Sep 2002
Posts: 331
Location: USA
Hi

Thanks for ur Reply

Currently i have plan to upgrade my system MQ5.2 to MQ5.3.But u have any document for SSL implementaion in MQ5.3. or show me other any links. My application is running in AIX and client is Linux & NT

regards
raj
Back to top
View user's profile Send private message
harwinderr
PostPosted: Mon Jul 28, 2003 10:30 pm    Post subject: Reply with quote

Voyager

Joined: 29 Jan 2002
Posts: 90
The WMQ Security and the Clients guide are good to start with.
Back to top
View user's profile Send private message Yahoo Messenger MSN Messenger
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » IBM MQ Java / JMS » Secure connetion to QMGR
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
  
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.