Comments for Store and Forward

Comment on No such thing as a persistent queue! by Laurent

Laurent — Wed, 09 May 2012 12:41:21 +0000

When teeaching the MQ admin course, I always insist on this. If the course could be changed in that direction, that would be a great improvement (and save me some explanations)

Comment on No such thing as a persistent queue! by T.Rob

T.Rob — Sun, 06 May 2012 20:58:47 +0000

Last week an IMPACT attendee begged to differ with my conclusion that there's no such thing as a persistent queue. "Except for temporary dynamic queues," he told me with a grin, "they're pretty much ALL persistent. Once you define 'em, they never go away." Well, you got me there! This topic actually came up a couple of times and one person suggested there should be a DEFPSIST(REQUIRED) setting on the queue that means "if you do not explicitly set persistence one way or the other, the PUT fails." I like it! Let's see if it ends up in the RFE Community. I'd vote on that.

Comment on No such thing as a persistent queue! by Gerd Diederichs

Gerd Diederichs — Tue, 01 May 2012 09:35:02 +0000

To expand on this topic, which happens to be a bugbear of mine of long standing as well, the queue’s default persistence is hardly ever invoked. Why? Because the persistence setting of a message can have one of three values: YES, NO, AS_PER_QUEUE_DEFAULT, and guess what, the latter is not the default! If I remmeber correctly, on distributed systems the default is NO and on z/OS it is YES. And – fortunately in my opinion, most programmers will either forget to choose or choose YES or NO, respectively. Which is exactly what we want: People making up their minds about whether they need persistence here or not. What remains as a rather unfortunate side effect is that people look at DEFPSIST of a queue and then expect the messages to go that way. Hence the wail “But my queue is persistent, where are my messages?” – Well, see above for T-Rob’s excellent explanation.

Comment on WMQ Humor by George Carey

George Carey — Fri, 20 Apr 2012 19:52:23 +0000

Some of these subtlely hilarious for the MQ crowd.

One needs to be an MQ Geek … yet not a nerd to write these, a good combo!

GTC

Comment on Credit card security fail by Scott Meridew

Scott Meridew — Tue, 28 Feb 2012 16:27:49 +0000

Great Post Rob. Here’s a simple solution I’d like to see them implement – because I’ve been in your shoes before. Know how we all receive a CVV number printed on the back of the card so we can verify that we are in possession of the card? Why don’t they issue a corresponding CVV number that THEY can use to identify themselves to you? Then when they call you, they can verify who they are first.

Comment on Credit card security fail by Doug

Doug — Wed, 14 Dec 2011 16:15:24 +0000

I was 45 minutes into talking to someone at my local bank branch when we shifted over to the topic of security. I asked if they were improving the online security, perhaps to some sort of two-factor authentication device like the RSA Key. (Answer: No.) I made an offhanded comment that their security was annoying lax. She asked “what do you mean?”

I pointed out: We’ve been making all sorts of changes to my personal account, and yet you haven’t even asked me for ID.

She turned red, and stammered briefly.

“And THAT’s why I’m asking for better security for my online bank access.” I told her.
(And I’m not getting it, because apparently nobody asks these obvious questions.)

Comment on Encrypting passwords in config files – secure or not? by T.Rob

T.Rob — Thu, 03 Nov 2011 17:33:42 +0000

@Gustav – We actually found a bug this way at WSTC Berlin. The WMQ Security Lab has a note that one should make keystores read-only at run time and never world or group readable. One of the students misunderstood and set the keystore perms to read-only *before* generating the Cert Signing Request. The iKeyman GUI was obviously unable to write the keystore but never raised an error!

So, yes absolutely, I’m trying to get information added to the docs about things that are not strictly WMQ configuration, including making keystores and configuration files private to the owner. I already mention this in the security presentations and articles so the word is starting to get out. Of course, we also raised a defect for iKeyman to throw an error for non-writable keystores.

Hope to see you at the next WSTC and keep those comments and suggestions coming. They help me justify the changes to the docs and feature requests – and they keep me on my toes!

Comment on Encrypting passwords in config files – secure or not? by Gustav

Gustav — Tue, 25 Oct 2011 18:54:33 +0000

Thanks for the interesting article Rob, I commented on this at one of your sessions at the Düsseldorf WebSphere conference last year
The obfuscated stash file may give the administrator a false sense of security and I think an important security reminder could be to always make it mq service user readable only.

Comment on WMQ Security in v7.1 by Kalpana

Kalpana — Wed, 19 Oct 2011 06:51:59 +0000

Informative crisp article for WMQ 7.1 security features. Very nice.

Comment on Hang on – switching hosting providers by T.Rob

T.Rob — Wed, 20 Jul 2011 17:48:36 +0000

Hi Dave – The move was just a bit rocky but successful in the end. The Archives page was supposed to have an index of posts but I was unable to get it to work after the move. I’m not sure whether it had to do with the WordPress upgrade conflicting with the theme I’m using, something with the new hosting platform (not likely, I think) or something altogether different. In any case, I’ve been so caught up in the transition at work (more on that in the next post) that I just nixed the page from the menu and moved on. Also, the email list which was powered by Mailman at Webzpro was a complete loss. I hope to have a replacement sometime in August or September. On a positive note, I did get SSL set up on the new host site.