Re: Many Client connections - how many svrconn channels?

Mon, 15 Mar 2004 06:44:16 -0800

Hi Ruzi,

Should BlockIP2 changed so you would be able to change MCAUSER depending on
the connectioname/userid ? Maybe something like the options for SSL ?

(Without SSL it might introduce security risks, anyway the best way of
protection is a set of exits, so you get an authentication of the real user
using userid/password)
BlockIP and BlockIP2 was just a small security enhancement, but it seems
that there is a need for WebSphere MQ security tools.

Let me hear your oppinion on this issue.

Just my $0.02 ;o)

Kind regards
Jxrgen
www.MrMQ.dk - the home of BlockIP



From: Ruzi R <[EMAIL PROTECTED]>
Reply-To: MQSeries List <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: Many Client connections - how many svrconn channels?
Date: Mon, 15 Mar 2004 04:49:35 -0800

Just to make a correction to my previous note before
anyone jumps in:

I would want to leave the MCAUSER blank so that
I can tell who put the message onsee whothe message on
the queue. Svrconn does not show the userid but the
connectin name.

Thanks,

Ruzi

things like inquiring the status of the svrconn
channel or  the userid of the message on the queue
etc. would indicate the actual user rather than the
group userid.

--- Ruzi R <[EMAIL PROTECTED]> wrote:
> > But if you've got relatively few access levels,
> you
> > can define a svrconn
> > with appropriate MCAUSER for each and then
> restrict
> > which users are
> > permitted to use which connections from the exit.
>
> Thanks Dennis. However, I think it would be safe and
> maybe even better to leave  MCAUSER blank. Because
> BLOCKIP2 will allow only the users (and IP
> addresses)
> in the security exit file anyway. This would come in
> handy during a problem investigation -- for example,
> things like inquiring the status of the svrconn
> channel or  the userid of the message on the queue
> etc. would indicate the actual user rather than the
> group userid.
>
> Ruzi


_________________________________________________________________
Fe alle de nye og sjove ikoner med MSN Messenger http://messenger.msn.dk/

Instructions for managing your mailing list subscription are provided in
the Listserv General Users Guide available at http://www.lsoft.com
Archive: http://vm.akh-wien.ac.at/MQSeries.archive

Reply via email to