On 04/10/2000, Lowery, Richard <[EMAIL PROTECTED]> wrote To [EMAIL PROTECTED]:
> We have implemented an application using MQ. I would be very interested in
> anything that you find related to security issues. We have also been
> looking into the product, but have not have much success as of yet.
Provide at least an security transport layer like IPSec for it.
Flightbooking systems basing on MQS are doing that also.
Some other for Insurance issues will get that too, including a plain
password (yes: ARGH) within the database-packets for "authentication".
MQS was not build to be secure and it seems it wont be in near future,
so secure the transport between MQS server and clients.
Of course this is not against the misuse "behind" the tunnel-end, but
it's always difficult to kill any scenario against a misusing authorative
person.
ciao
--
Philipp Buehler, aka fIpS | sysfive.com GmbH | BOfH | NUCH | <double-p>
%SYSTEM-F-TOOEARLY, please contact your sysadmin at a sensible time.
Artificial Intelligence stands no chance against Natural Stupidity.
[X] <-- nail here for new monitor
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
