| Author |
Message
|
| oz1ccg |
 Posted: Mon Jan 10, 2005 12:32 am Post subject: |
 |
|
Yatiri
Joined: 10 Feb 2002
Posts: 628
Location: Denmark
|
Peter wrote:
| Quote: |
| 12. Fix the security hole that SVRCONN channels with a blanck MCAUSER hit us with (Java apps default to connecting as mqm or MUSR_MQADMIN). |
Originally when MQSeries came out first time, this was locked, like setting the MACUSER to 'NoBody' but sombody complained to IBM that it was too hard to get started with MQSeries when there was so much security ... 
So IBM listened to us , and changed it.. So it's up to the MQ admins to keep their MQ Networks tight. So this is NOT a security hole !  Should IBM also remove the SWITCH profiles in RACF, so we can turn off security ?
I'm using a small script when creating a queuemanager, it closes the holes, and adjusts the various settings needed in most of our networks.
Just my $0.02 
_________________
Regards, Jørgen
Home of BlockIP2, the last free MQ Security exit ver. 3.00
Cert. on WMQ, WBIMB, SWIFT. |
|
| Back to top |
|
 |
| PeterPotkay |
| Posted: Mon Jan 10, 2005 2:35 pm Post subject: |
|
|
Poobah
Joined: 15 May 2001
Posts: 7723
|
OK, maybe "security hole" is the wrong term.
I too configure all my QMs with scripts that fix all this. But really, why in the world in the absence of a valid ID, would a product default to the most powerful one?!?!? If an ID is not presented, fail!
Knock, knock?
Who's there?
.
.
.
Who's there?...You won't give me your name or show your face? OK! Here are the keys to my house and my car, my SSN, and a list of all my bank accounts.
In today's world of heightened security, defaulting to a super user when no user is presented is inexcusable.
_________________
Peter Potkay
Keep Calm and MQ On |
|
| Back to top |
|
|
| Michael Dag |
| Posted: Tue Jan 11, 2005 3:18 am Post subject: |
|
|
Jedi Knight
Joined: 13 Jun 2002
Posts: 2607
Location: The Netherlands (Amsterdam)
|
| PeterPotkay wrote: |
Who's there?...You won't give me your name or show your face? OK! Here are the keys to my house and my car, my SSN, and a list of all my bank accounts. |
What's your address? 
_________________
Michael
MQSystems Facebook page |
|
| Back to top |
|
|
| PeterPotkay |
| Posted: Fri Feb 04, 2005 9:44 am Post subject: |
|
|
Poobah
Joined: 15 May 2001
Posts: 7723
|
To do an MQINQ on a cluster queue, you need to open the queue with MQSET as well.
To write a tool that monitors both local queues and cluster queues, you have to assume a cluster queue, and open every queue with MQINQ and MQSET.
So now I have to give the userID +set as well as +inq.
Please fix it in 6.0 so that a user that only needs +inq is not required to have +set as well.
_________________
Peter Potkay
Keep Calm and MQ On |
|
| Back to top |
|
|
| kevinf2349 |
| Posted: Fri Feb 04, 2005 9:47 am Post subject: |
|
|
Grand Master
Joined: 28 Feb 2003
Posts: 1311
Location: USA
|
I understand (from a contact) that version 6 is currently in Beta test and due for release in March.
Has anyone seen a list of new stuff that is actually going to be in version 6? |
|
| Back to top |
|
|
| csmith28 |
| Posted: Fri Feb 04, 2005 10:10 am Post subject: |
|
|
Grand Master
Joined: 15 Jul 2003
Posts: 1196
Location: Arizona
|
Well, I heard that WMQExplore will no longer be included. They are switching to Eclipse.
_________________
Yes, I am an agent of Satan but my duties are largely ceremonial. |
|
| Back to top |
|
|
| Michael Dag |
| Posted: Fri Feb 04, 2005 2:00 pm Post subject: |
|
|
Jedi Knight
Joined: 13 Jun 2002
Posts: 2607
Location: The Netherlands (Amsterdam)
|
| kevinf2349 wrote: |
I understand (from a contact) that version 6 is currently in Beta test and due for release in March.
Has anyone seen a list of new stuff that is actually going to be in version 6? |
your contact may be right... I have heard the same rumours (who hasn't)...
release in March? my gut feeling says they need to announce the product first, then fill the production channel, and oh get CSD1 err FP1 ready... after all, the rumoured timeframe was 1H-2005...
From history IBM MQ software has 2 announcement 'windows', my guess is Announcement will be April 1st (last year we were surprised by the announcement of the Candle acquisition on that date...), availability end of may, beginning june....
who knows time will tell...
and no there is no list of actual features of an unannounced product... (although that would be nice  )
_________________
Michael
MQSystems Facebook page |
|
| Back to top |
|
|
| csmith28 |
| Posted: Fri Feb 04, 2005 2:18 pm Post subject: |
|
|
Grand Master
Joined: 15 Jul 2003
Posts: 1196
Location: Arizona
|
Well when I took the Advanced WMQ Systems Administration for Distributed Platforms Class in Sept 2004 the instructor indicated "unofficially and off the record ofcourse" that WMQ6.0.0.0 would be released in late July 2005.
_________________
Yes, I am an agent of Satan but my duties are largely ceremonial. |
|
| Back to top |
|
|
| csmith28 |
| Posted: Mon Mar 27, 2006 5:08 pm Post subject: |
|
|
Grand Master
Joined: 15 Jul 2003
Posts: 1196
Location: Arizona
|
I'm dissapointed.
_________________
Yes, I am an agent of Satan but my duties are largely ceremonial. |
|
| Back to top |
|
|
| PeterPotkay |
| Posted: Mon Mar 27, 2006 5:09 pm Post subject: |
|
|
Poobah
Joined: 15 May 2001
Posts: 7723
|
| csmith28 wrote: |
| I'm dissapointed. |
with?
_________________
Peter Potkay
Keep Calm and MQ On |
|
| Back to top |
|
|
| csmith28 |
| Posted: Mon Mar 27, 2006 7:04 pm Post subject: |
|
|
Grand Master
Joined: 15 Jul 2003
Posts: 1196
Location: Arizona
|
| PeterPotkay wrote: |
| csmith28 wrote: |
| I'm dissapointed. |
with? |
Go to page one in this thread. Don't get me wrong, WMQ6 is muchly more gooder than 5.3 on many different levels but IBM had the opportunity to do so much more.
Simple things really considering.
_________________
Yes, I am an agent of Satan but my duties are largely ceremonial. |
|
| Back to top |
|
|
| jefflowrey |
| Posted: Mon Mar 27, 2006 7:53 pm Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
I got what I expected...
Wasn't there an ancient sysadmin somewhere who said something about "expectation leads to disappointment. Disappointment leads to anger. Anger leads to hate. hate leads to purging the universe of the lusers. Purging the universe of the lusers leads to uptime."
Wait.
Where was I going with this?
_________________
I am *not* the model of the modern major general. |
|
| Back to top |
|
|
|
|
