hi, I saw your question, there is about 107 security problems, I will state
one or two :
1) An unauthorized user can put a message on the queue
(remember to spoof the sequence number (same as IP),
it is predictable, the MQSeries protocol is published ).
2) you can tamper with the message (remember to recalculate check digit
it is standard).
3) you can do replay (remember sequence number spoofing).
4) MQseries user can by using the browse function can look at
sensitive information.
5) MQseries provides no protection against eavesdropping.
or just change the MQM.dll with NEW MQM.dll that does nice put and get
instructions
-----Original Message-----
From: David Lang <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Friday, September 29, 2000 6:42 PM
Subject: IBM MQ security?
>-----BEGIN PGP SIGNED MESSAGE-----
>
>can anyone give me pointers on IBM MQ security issues? I just had the
>development team come and say they want to start using it and I have not
>dealt with it before.
>
>the port info I can get from IBM easily enough, what I am really looking
>for is info on how risky the protocol itself is. I will be passing it
>through one or more internal firewalls.
>
>David Lang
>
>-----BEGIN PGP SIGNATURE-----
>Version: PGP 6.5.2
>
>iQEVAwUBOdS90z7msCGEppcbAQEZmAf/QWhPPHnwYpIpRHFYYlyqdjgsSPkimjEd
>QqtQjMV6aXLxEGN/QWBSExyQ6BM3SGE9ErXMcA5y/dd8D0R/rJb1OrPptA0CrMtF
>YdP1G/tWDoFc6rPyQK4q3dnyFEXQRM0T/BOwy5tA7O3o4adMMfEUU4P9wuWWlO5Q
>x2qoBQBk3Q8N9LRGIyytnD3MCbkUbKUjGvMChTpsXiDIzvtBc71BAsozlT8m4jiG
>TiYVImN8nsbuGFsK6mzS5442oCdYyYYSStkeR9E01L0y0xgBrnQYRNjgTw9EVe78
>jZTDNNBXar6wAXbbdhy5XKH39H+VhZ0nvPTvPFWjSj/0+miSFSfN7Q==
>=WNFl
>-----END PGP SIGNATURE-----
>-
>[To unsubscribe, send mail to [EMAIL PROTECTED] with
>"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
