In WebSphere MQ, there are three methods of providing security:
- The Object Authority Manager (OAM)
- User-written, or third party, channel exists
- Channel security using Secure Sockets Layer (SSL)
The Object Authority Manager (OAM): This is automatically installed and enabled for each queue manager you create, unless you specify otherwise. All actions performed by an application connected to a queue manager are authenticated by the queue manager by a component called OAM. Every time an application attempts any action against a WebSphere MQ object, the OAM ensures that the identity under which that application is connected to QM has been set to allow the type of access it is requesting on the object. Read more »
Windows Communication Foundation – Why security is needed?
Using WCF, we can create applications that function as both services and service clients. One service could be transmitting, creating and processing messages for an unlimited number of other services and clients. In such a distributed application, messages can flow from node to node, through firewalls, onto the Internet, and through numerous SOAP intermediaries. This introduces a variety of message security threats. The following examples illustrate some common threats that WCF security can help mitigate when exchanging messages between entities: Read more »
After taking a close look at Microsoft’s embarrassingly lightweight Strategic Technology Protection Program, which, however, provides a welcome shift of emphasis for the company, it’s time to return to the security features in Microsoft’s upcoming .NET framework. This week, I’ll take a brief look at the framework’s type safety. Don’t confuse this type safety with data type-verification in most programming languages. In a .NET security context, type safe means preventing programs from accessing memory outside the bounds of an object’s public properties.
Type-safe code accesses only the memory locations it is authorized to access. For example, type-safe code cannot directly read values from another object’s private fields or code areas. It accesses types only in well-defined, allowable ways, thereby circumventing certain popular overrun security breaches. Read more »
Cryptography in .NET
The focus of this month’s article will be ill be on encrypting data using the cryptography classes available through the Microsoft .NET Framework. Providing an in depth explanation of cryptography and how it works is well beyond this column and I will leave to those more algorithm and mathematically included than I. Instead, I’ll provide an overview of cryptography, cover the basics on some of what’s available through the .NET Framework, and then we’ll focus on the use of symmetric encryption to protect data such as user passwords. Read more »
Comments (0) 
