Security and administration

By default, any WebSphere MQ Everyplace application can administer managed resources. The application can be running as a local application to the queue manager that is being managed, or it can be running on a different queue manager. It is important that the administration actions are secure, otherwise there is potential for the system to be misused. WebSphere MQ Everyplace provides the basic facilities for securing administration using queue-based security which is described in Security.

If you use synchronous security, you can secure the administration queue by setting security characteristics on the queue. For example you can set an authenticator so that the user must be authenticated to the operating system (Windows NT or UNIX) before they can perform administration actions. This can be extended so that only a specific user can perform administration.

The administration queue does not allow applications direct access to messages on the queue, the messages are processed internally. This means that messages put to the queue that have been secured with message level security cannot be unwrapped using the normal mechanism of providing an attribute on a get or browse request.



© IBM Corporation 2000, 2003. All Rights Reserved