Security

In addition to a basic WebSphere MQ Everyplace network, certain features can be further configured to enhance data security. Generally speaking, WebSphere MQ Everyplace provides two security mechanisms directly concerned with the transport of messages:

Message-based security
Messages are encrypted by the application, using WebSphere MQ Everyplace services, and passed to WebSphere MQ Everyplace for transport in a fully protected state. WebSphere MQ Everyplace delivers the messages to a target queue, from which they are removed by an application and subsequently decrypted, again using WebSphere MQ Everyplace services. Since the messages are fully protected when being directly handled by WebSphere MQ Everyplace, they can be flowed over clear channels and held on unprotected intermediate queues.

This security feature involves application programming and is beyond the scope of this book. Readers are referred to the WebSphere MQ Everyplace Application Programming Guide for further details.

Queue-based security
Messages are assumed to have been encrypted by the application when they are passed to WebSphere MQ Everyplace. WebSphere MQ Everyplace delivers the messages to a target queue, from which they are removed by an application. WebSphere MQ Everyplace protects the messages on receipt and flows them over secure channels; they are also held protected on any intermediate queues and on the destination queue.

This security feature does not involve application programming. As long as configurations have been set up properly, messages are automatically protected during transmission. This Chapter discusses the various configurations appropriate for queue-based security.

Queue-based security is currently only supported by the Java code base.



© IBM Corporation 2002. All Rights Reserved