MQSeries.net :: View topic - New MQ Security Hole Found

MQSeries.net

Tech Exchange

Education

Certifications

Library

Info Center

SupportPacs

FAQÂ Â

Usergroups

RSS Feed - WebSphere MQ Support

RSS Feed - Message Broker Support

MQSeries.net Forum Index » IBM MQ Security » New MQ Security Hole Found - Part 2

New MQ Security Hole Found - Part 2

« View previous topic :: View next topic »

Author

Message

RikBaeten

Posted: Wed Mar 16, 2011 2:35 am Post subject:

Novice

Joined: 26 Feb 2007
Posts: 19

This is correctly working from a client-application v7 in C to a WMQ v5.3 server.

However connecting the same client-application v7 in C to a WMQ v7 server it no longer works. At the same time it continues to work from a Java WMQ v5.3 client app to the same WMQ v7 server.

Here is a related topic which could partially explain this behaviour:
http://stackoverflow.com/questions/5010826/websphere-mq-windows-to-windows-authentication-with-java-classes

mqjeff

Posted: Wed Mar 16, 2011 3:11 am Post subject:

Grand Master

Joined: 25 Jun 2008
Posts: 17447

RikBaeten wrote:

Please don't re-open six year old threads for unrelated issues.

Mods, please split this into a new thread.

RikBaeten - what is your question here?

I'm tempted to disagree with T-Rob on his response in that stackoverflow posting. I did not think that the Java client had any access to os-level user ids unless they were actually specified in the user-written code. It certainly doesn't have the same level of access to os level internals that .NET does, because of the "100% pure java" design of the Java language.

Now maybe the bit about NTSIDsRequired on the channel changes this picture for the Java client, but I'd have to revisit the documentation on that. And this is why I said I'm *tempted* to disagree with T-Rob. Since I know I *haven't* revisited that doc.

exerk

Posted: Wed Mar 16, 2011 3:14 am Post subject:

Jedi Council

Joined: 02 Nov 2006
Posts: 6339

mqjeff, split as requested...
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys.

RogerLacroix

Posted: Thu Mar 17, 2011 4:33 pm Post subject:

Jedi Knight

Joined: 15 May 2001
Posts: 3253
Location: London, ON Canada

mqjeff wrote:

I'm tempted to disagree with T-Rob on his response in that stackoverflow posting. I did not think that the Java client had any access to os-level user ids unless they were actually specified in the user-written code. It certainly doesn't have the same level of access to os level internals that .NET does, because of the "100% pure java" design of the Java language.

I agree with Jeff. Java programs running on Windows use the character UserID. Whereas native Windows application do get access to UserID and the SID.

Regards,
Roger Lacroix
Capitalware Inc.
_________________
Capitalware: Transforming tomorrow into today.
Connected to MQ!
Twitter

Display posts from previous:

Page 1 of 1

MQSeries.net Forum Index » IBM MQ Security » New MQ Security Hole Found - Part 2

Jump to:

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Protected by Anti-Spam ACP