Security of WebSphere MQ objects
This section deals with remote messaging aspects of security.
You need to give users the authority to use the WebSphere MQ facilities. This authority is organized according to the actions that can be taken on objects and definitions. For example:
- Queue managers can be started and stopped by authorized users
- Applications need to connect to the queue manager, and have authority to make use of queues
- Message channels need to be created and controlled by authorized users
- Objects are kept in libraries, and access to these libraries may be restricted
The message channel agent at a remote site needs to check that the message being delivered originated from a user with authority to do so at this remote site. In addition, as MCAs can be started remotely, it may be necessary to verify that the remote processes trying to start your MCAs are authorized to do so. There are three possible ways for you to deal with this:
- Specify PUTAUT=CTX in the channel definition to indicate that messages must contain acceptable context authority, otherwise they will be discarded.
- Implement user exit security checking to ensure that the corresponding message channel is authorized. The security of the installation hosting the corresponding channel ensures that all users are properly authorized, so that you do not need to check individual messages.
- Implement user exit message processing to ensure that individual messages are vetted for authorization.
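The three options above map onto attributes of the receiving channel definition. The MQSC fragment below is an added example, not part of the original page: the channel name TO.SITE2 and the exit values are placeholders, and the format of an exit name depends on the platform.

```mqsc
* Added example. TO.SITE2 is a hypothetical receiver channel at the
* remote (receiving) site; <security-exit> and <message-exit> are
* placeholders for exit programs you supply.

* Baseline: with PUTAUT(DEF), put authority is checked against the
* MCA's own user ID, so every inbound message is put under the
* channel's authority whoever originated it.
DEFINE CHANNEL(TO.SITE2) CHLTYPE(RCVR) TRPTYPE(TCP) PUTAUT(DEF) REPLACE

* Option 1: check each message against the user ID carried in its
* message context instead of the MCA's user ID.
ALTER CHANNEL(TO.SITE2) CHLTYPE(RCVR) PUTAUT(CTX)

* Option 2: a security exit, called when the channel starts, decides
* whether the partner channel may connect at all.
ALTER CHANNEL(TO.SITE2) CHLTYPE(RCVR) SCYEXIT('<security-exit>')

* Option 3: a message exit, called for every message on the channel,
* vets individual messages before they are put.
ALTER CHANNEL(TO.SITE2) CHLTYPE(RCVR) MSGEXIT('<message-exit>')

* Check what is actually in force, including the MCA user ID that
* PUTAUT(DEF) would rely on.
DISPLAY CHANNEL(TO.SITE2) PUTAUT SCYEXIT MSGEXIT MCAUSER
```

The options are not mutually exclusive: a channel can carry PUTAUT(CTX) and one or both exits at the same time.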