Comments for Store and Forward https://t-rob.net A blog about securing and using WebSphere MQ Wed, 14 Dec 2011 16:15:24 +0000 hourly 1 http://wordpress.org/?v=3.3.1 Comment on Credit card security fail by Doug https://t-rob.net/2011/11/02/credit-card-security-fail/#comment-120 Doug Wed, 14 Dec 2011 16:15:24 +0000 https://t-rob.net/?p=479#comment-120 I was 45 minutes into talking to someone at my local bank branch when we shifted over to the topic of security. I asked if they were improving the online security, perhaps to some sort of two-factor authentication device like the RSA Key. (Answer: No.) I made an offhanded comment that their security was annoying lax. She asked "what do you mean?" I pointed out: We've been making all sorts of changes to my personal account, and yet you haven't even asked me for ID. She turned red, and stammered briefly. "And THAT's why I'm asking for better security for my online bank access." I told her. (And I'm not getting it, because apparently nobody asks these obvious questions.) I was 45 minutes into talking to someone at my local bank branch when we shifted over to the topic of security. I asked if they were improving the online security, perhaps to some sort of two-factor authentication device like the RSA Key. (Answer: No.) I made an offhanded comment that their security was annoying lax. She asked “what do you mean?”

I pointed out: We’ve been making all sorts of changes to my personal account, and yet you haven’t even asked me for ID.

She turned red, and stammered briefly.

“And THAT’s why I’m asking for better security for my online bank access.” I told her.
(And I’m not getting it, because apparently nobody asks these obvious questions.)

]]> Comment on Encrypting passwords in config files – secure or not? by T.Rob https://t-rob.net/2011/10/24/encrypting-passwords-in-config-files-secure-or-not/#comment-101 T.Rob Thu, 03 Nov 2011 17:33:42 +0000 https://t-rob.net/?p=475#comment-101 @Gustav - We actually found a bug this way at WSTC Berlin. The WMQ Security Lab has a note that one should make keystores read-only at run time and never world or group readable. One of the students misunderstood and set the keystore perms to read-only *before* generating the Cert Signing Request. The iKeyman GUI was obviously unable to write the keystore but never raised an error! So, yes absolutely, I'm trying to get information added to the docs about things that are not strictly WMQ configuration, including making keystores and configuration files private to the owner. I already mention this in the security presentations and articles so the word is starting to get out. Of course, we also raised a defect for iKeyman to throw an error for non-writable keystores. Hope to see you at the next WSTC and keep those comments and suggestions coming. They help me justify the changes to the docs and feature requests - and they keep me on my toes! @Gustav – We actually found a bug this way at WSTC Berlin. The WMQ Security Lab has a note that one should make keystores read-only at run time and never world or group readable. One of the students misunderstood and set the keystore perms to read-only *before* generating the Cert Signing Request. The iKeyman GUI was obviously unable to write the keystore but never raised an error!

So, yes absolutely, I’m trying to get information added to the docs about things that are not strictly WMQ configuration, including making keystores and configuration files private to the owner. I already mention this in the security presentations and articles so the word is starting to get out. Of course, we also raised a defect for iKeyman to throw an error for non-writable keystores.

Hope to see you at the next WSTC and keep those comments and suggestions coming. They help me justify the changes to the docs and feature requests – and they keep me on my toes!

]]> Comment on Encrypting passwords in config files – secure or not? by Gustav https://t-rob.net/2011/10/24/encrypting-passwords-in-config-files-secure-or-not/#comment-98 Gustav Tue, 25 Oct 2011 18:54:33 +0000 https://t-rob.net/?p=475#comment-98 Thanks for the interesting article Rob, I commented on this at one of your sessions at the Düsseldorf WebSphere conference last year :) The obfuscated stash file may give the administrator a false sense of security and I think an important security reminder could be to always make it mq service user readable only. Thanks for the interesting article Rob, I commented on this at one of your sessions at the Düsseldorf WebSphere conference last year :)
The obfuscated stash file may give the administrator a false sense of security and I think an important security reminder could be to always make it mq service user readable only.

]]> Comment on WMQ Security in v7.1 by Kalpana https://t-rob.net/2011/10/18/wmq-security-in-v7-1/#comment-96 Kalpana Wed, 19 Oct 2011 06:51:59 +0000 https://t-rob.net/?p=471#comment-96 Informative crisp article for WMQ 7.1 security features. Very nice. Informative crisp article for WMQ 7.1 security features. Very nice.

]]> Comment on Hang on – switching hosting providers by T.Rob https://t-rob.net/2011/04/23/hang-on-switching-hosting-providers/#comment-88 T.Rob Wed, 20 Jul 2011 17:48:36 +0000 https://t-rob.net/?p=422#comment-88 Hi Dave - The move was just a bit rocky but successful in the end. The Archives page was supposed to have an index of posts but I was unable to get it to work after the move. I'm not sure whether it had to do with the WordPress upgrade conflicting with the theme I'm using, something with the new hosting platform (not likely, I think) or something altogether different. In any case, I've been so caught up in the transition at work (more on that in the next post) that I just nixed the page from the menu and moved on. Also, the email list which was powered by Mailman at Webzpro was a complete loss. I hope to have a replacement sometime in August or September. On a positive note, I did get SSL set up on the new host site. Hi Dave – The move was just a bit rocky but successful in the end. The Archives page was supposed to have an index of posts but I was unable to get it to work after the move. I’m not sure whether it had to do with the WordPress upgrade conflicting with the theme I’m using, something with the new hosting platform (not likely, I think) or something altogether different. In any case, I’ve been so caught up in the transition at work (more on that in the next post) that I just nixed the page from the menu and moved on. Also, the email list which was powered by Mailman at Webzpro was a complete loss. I hope to have a replacement sometime in August or September. On a positive note, I did get SSL set up on the new host site.

]]> Comment on Hang on – switching hosting providers by David Awerbuch https://t-rob.net/2011/04/23/hang-on-switching-hosting-providers/#comment-87 David Awerbuch Wed, 20 Jul 2011 14:54:13 +0000 https://t-rob.net/?p=422#comment-87 Hi T.Rob, So .... did the rehosting cutover succeed? you never updated the home page after what was supposed to be the April move. Also,what happened to your page http://t-rob.net/archives ?? Thanks, Dave Hi T.Rob,

So …. did the rehosting cutover succeed? you never updated the home page after what was supposed to be the April move.

Also,what happened to your page http://t-rob.net/archives ??

Thanks,
Dave

]]> Comment on Handy IMPACT conference cross reference by T.Rob https://t-rob.net/2011/03/29/handy-impact-conference-cross-reference/#comment-81 T.Rob Sat, 02 Apr 2011 04:46:39 +0000 https://t-rob.net/?p=409#comment-81 Sorry Andy! I saw it listed that way somewhere and thought you had a dedicated handle just for WebSphere stuff. I've corrected it and if I find where I got that, I'll let you know. Sorry Andy! I saw it listed that way somewhere and thought you had a dedicated handle just for WebSphere stuff. I’ve corrected it and if I find where I got that, I’ll let you know.

]]> Comment on Handy IMPACT conference cross reference by andy piper https://t-rob.net/2011/03/29/handy-impact-conference-cross-reference/#comment-80 andy piper Fri, 01 Apr 2011 23:43:49 +0000 https://t-rob.net/?p=409#comment-80 hey T.Rob. Nice guide - you've managed to mangle my Twitter handle somehow though :-) hey T.Rob. Nice guide – you’ve managed to mangle my Twitter handle somehow though :-)

]]> Comment on WMQ File Transfer Edition launched by Kim https://t-rob.net/2008/12/07/wmq-file-transfer-edition-launched/#comment-56 Kim Wed, 09 Feb 2011 01:46:05 +0000 http://t-rob.net/?p=191#comment-56 Probably worth noting that when the agent starts up, it needs to read the agent.properties file and others in the coordination queue manager config directory as well as write out a file to that directory. So if you have installed as another user, and wish to run as a different user, then need to ensure the different user has permissions to read and write to the config directories! Probably worth noting that when the agent starts up, it needs to read the agent.properties file and others in the coordination queue manager config directory as well as write out a file to that directory. So if you have installed as another user, and wish to run as a different user, then need to ensure the different user has permissions to read and write to the config directories!

]]> Comment on Mission:Messaging: Migration, failover, and scaling in a WebSphere MQ cluster by T.Rob https://t-rob.net/2008/12/02/missionmessaging-migration-failover-and-scaling-in-a-websphere-mq-cluster/#comment-55 T.Rob Sat, 15 Jan 2011 18:23:09 +0000 http://t-rob.net/?p=177#comment-55 Hi Hatcher, Yes, Fix Packs are cumulative. If you have any version of v7 you can apply v7.0.1.3 over top of it. Hi Hatcher,

Yes, Fix Packs are cumulative. If you have any version of v7 you can apply v7.0.1.3 over top of it.

]]>