In addition to a basic WebSphere MQ Everyplace network, certain features
can be further configured to enhance data security. Generally speaking,
WebSphere MQ Everyplace provides two security mechanisms directly concerned
with the transport of messages:
- Message-based security
- Messages are encrypted by the application, using WebSphere MQ Everyplace
services, and passed to WebSphere MQ Everyplace for transport in a fully
protected state. WebSphere MQ Everyplace delivers the messages to a
target queue, from which they are removed by an application and subsequently
decrypted, again using WebSphere MQ Everyplace services. Since the
messages are fully protected when being directly handled by WebSphere MQ
Everyplace, they can be flowed over clear channels and held on unprotected
intermediate queues.
This security feature involves application programming and is beyond the
scope of this book. Readers are referred to the WebSphere MQ Everyplace
Application Programming Guide for further details.
- Queue-based security
- Messages are assumed to have been encrypted by the application when they
are passed to WebSphere MQ Everyplace. WebSphere MQ Everyplace delivers
the messages to a target queue, from which they are removed by an
application. WebSphere MQ Everyplace protects the messages on receipt
and flows them over secure channels; they are also held protected on any
intermediate queues and on the destination queue.
This security feature does not involve application programming. As
long as configurations have been set up properly, messages are automatically
protected during transmission. This Chapter discusses the various
configurations appropriate for queue-based security.
Queue-based security is currently only supported by the Java code
base.
© IBM Corporation 2002. All Rights Reserved