Dear MQers,
I'm very proud to tell you that I've found BlockIP2 version 2 is ready to
fly.
BlockIP2 have been completely rewritten thanks to Sid Young, and ported to
z/OS by Neil Casey ;o)
More function have been added to the Security exit.
You'll find the exit information here:
http://www.mrmq.dk/
Hi Vaughan,
The definitions looks allright, (I have a question, see later).
What seems odd is:
Task No.Task StatusThread StatusNo-of-APIsLast API
-- - --- --
Starting
Initiation Queue Name: INITQ
It shoul
The way to do it might be using the cluster workload exit for routing the
messages.
Using this exit you can deside where you want to send the message It's
all yours.
Your setup seems to be quite complicated... so your job is safe ;o)
Just my $0.02 ;o)
Kind regards
Jxrgen
www.mrmq.dk
the author
Hi Vijay,
First of all "No DLL on Z/OS"
what you have to do is creating a load module (normal Z/OS wise), and place
that in the library specified by DD CSQXLIB on your CHIN Task. When you have
done this, you will be able to specify the exit and get WebSphere MQ to load
the program.
It's all documen
Hi Mark,
try take a look on the supportpack MO02:
http://www-306.ibm.com/software/integration/support/supportpacs/category.html#cat2
It works on: z/OS, windows and AIX.
Kind regards
Jxrgen
www.mrmq.dk
the author of BlockIP
Mark wrote:
Does anyone have a channel send/receive exit that does compressi
Hi MQers.
Just a small blimp on the blue sky from to announce that the new redesigned
version of BlockIP2 is ready to rock and rool (I hope without too many
errors).
You find the beta version here,
http://www.mrmq.dk/BlockIP.htm#BlockIP2_version_2.1x
Thanks to all who have tested and commented on t
Hi Benjamin,
You should get a file: c:\BlockIP2.log presenting you with a log/trace fil
telling you what BlockIP2 do.
If you're dealing with windows you must specify scyexit() and scydata() like
this:
alt chl(SYSTEM.ADMIN.SVRCONN) chltype(SVRCONN) +
SCYDATA('FN=d:\utils\exit\blck.cfg;-d') +
scyex
Hi all,
I've tested BlockIP2 and have to do more testing and changes because of some
incompability reasons with older version of BlockIP2.
But it seems a bit like "the ugly duckling" by our famous danish writer
H.C.Andersen, whaich ended up as a nice Swan. BlockIP2 version 2.x will also
be a swan
in the exit data field.
It is now easier to add additional options and the code to handle them. the
code is not yet finished but I have attached todays effort, if you don't
want it thats fine, I'll keep it in house for my own use.
Sid
-Original Message-
From: Jxrgen Pedersen [mailt
Hi, Sid & Co.
I'll look into it, but it should, match up both conname and userid before
accepting the connection and allow evt. the change of MCAUSER.
Have you a debug sysprint (with the -d; option), pls. send for
investigation.
Kind regards
Jxrgen
www.mrmq.dk
the author of BlockIP
From: [EM
Hi Mike,
You could use BlockIP2 to help you there. BlockIP2 can filter on your
connection name together with the userid. And if you have a match it can
even change/set MCAUSER depending on your choise.
Another ting is when leaving a SVRCONN open you can let everybody inside. If
somebody can write
Hi Sid,
Yes, I'll put your changes into the code, no problem.
I thinks it's a good idea just to keep one version of BlockIP/BlockIP2 so we
allways know how to solve problems, and not have to deal with at lot of
"cousins".
Just send me the code, and I'll review the code before release.
Kind regard
I just updated BlockIP2 so it might help "Ruzi R" with some of the security
challanges.
It's quite simple what can be done, su}ntax of the new CON parameter:
CON=;[;MCA={*|userid}];
and an example of parameter file
#
# Simple filter implemented in BlockIP2 version 1.22
#
# 1. stop all connection at
Hi Paul & Co,
This have been a long thread... and I'm going to extend it a bit more.
;o)
I like to point some things out with regard to the security, and I agree
with Paul and T.Rob to some extend...
Without security exits and/or SSL there are no authentication at all. I
doesn't matter if you
Hi There,
There is on from Morag at the UK-MQUG
http://www.mqug.org.uk/anonftp/021131%20-%20Ssl.pdf
Maybee it can help ??
Just my $0.02 ;o)
Kind regards
Jxrgen
I while back there was link to a doc called "How Secure are your channels?"
by Morag Hughson. I can't find the link, all I have is a pap
. Just too little time to read
messages and respond... Sorry...
Regards,
Ruzi
--- Jxrgen Pedersen <[EMAIL PROTECTED]> wrote:
> Hi Ruzi,
>
> It's quite dangerous to use ENQ/DEQ in conjunction
> with WebSphere MQ/CICS
> triggered applications (If you don't know the
>
Quite simple. until the next idea opens, running the CICS transaction
under the auth of the issueing userid.
This can require "some" design changes in both the applications and in the
adopted CKTI.
Just a case to emphesize.
Just my $0.02 ;o)
Kind regards
Jxrgen
From: "Heggie, Peter" <[EMAIL
Hi John,
take a look here:
http://www.mqseries.net/phpBB2/viewtopic.php?t=13836
Just ask the question in one forum please.
Just my $0.02 ;o)
Kind regards
Jxrgen
From: "Dawson, John" <[EMAIL PROTECTED]>
Reply-To: MQSeries List <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: MQ Triggering in CI
Hi Ruzi,
It's quite dangerous to use ENQ/DEQ in conjunction with WebSphere MQ/CICS
triggered applications (If you don't know the consequences).
It requires a good program design. The reason to get me up of the chair is
the fact that you might lose triggers due to the triggering rules.
Let's have a
Hi Carol,
First, you have to have a CKTI running on each LPAR.
One of my clients are running CICSPLEX and MQ Clustering, it have been a
challange, to get the applications to work under these circumstances. It's
not free to use MQ Clustering, any new technique requires some studies,
experiments an
Hmm,
6000 milices. sounds to me like 6. seconds right ?
just my $0.02 ;o)
Kind regsrds
joergen
From: "Chase, John" <[EMAIL PROTECTED]>
Reply-To: MQSeries List <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: FW: CICS - MQSeries Puzzle
Date: Thu, 12 Feb 2004 11:12:10 -0600
Looks like we found som
Are CKTI running ??
2nd. try flip NOTRIGGER/TRIGGER on the queue, this will generate a new
trigger message (if the trigger monitor is running).'
You can see the status of CKTI using CKQC transaction.
Inspiration here:
http://www.mrmq.dk/CICStrouble.htm
Kind regards
joergen
From: "Chase, John" <[E
Hi Mike,
you could take a look on BlockIP, because it's written for both Z/OS and the
distributed world.
The Security exit for Z/OS is written in Assembler, and I've tried to make
it readable and the exit can also WTO some interesting MQXX info during
execution
http://home19.inet.tele.dk/m-inv
Hi Wesley,
You could take a look on my BlockIP2 exit, and get some inspiration from
that implementation.
Most of the time it's just small modifications needed to solve most of the
requirements...
http://home19.inet.tele.dk/m-invent/tips_and_tricks.htm#BlockIP2
Just my $0.02 ;o)
Kind regards
Jxrg
Hi Jan,
the only time The Channel initiator is using the mqm or MUSRr_MQADMIN is
when Remoteuserid field is empty. When you have a "normal" application it's
running under your user, and therefore will the data be put (or getted)
using the userid runnning the program.
A JMS application will (normal
e (instead of defaulting to mqm). Also, a new channel attribute
called BlockMQM which could be turned on to reject (with no further exits
or
efforts) any connections coming in as mqm or MUSR_MQADMIN.
Just my $0.02 ;o)
_
Best regards
Jxrgen Pedersen
IBM Certified WebSphere MQ *
IBM Certif
26 matches
Mail list logo
