
Comments

Dave Tauzell

I think that in most J2EE environments databases pose an even greater problem. They are typically secured via username/password; however, this username and password are often available to the application server in clear text. What makes access to the database worse than MQ is that there is a standard way to query and modify the data.

Gunnar

Hi Dave,

There are a lot of holes. The difference, as I see it, is that databases run applications and departments.

Mainframes run businesses.

Jim Manico

I think you hit the bulls-eye with this post.

Your post is reminiscent of the fatal flaw within the PCI-DSS standard, in that it is acceptable to transmit credit card data inside of a corporate network in plaintext - the only transport security requirement involves credit card data being transmitted into the cloud. Crazy.

I would also like to say that IBM is not to blame - the problem is with the implementation - you can run MQ with strong transport security, auth and access control. http://www.ibm.com/developerworks/websphere/techjournal/0806_mismes/0806_mismes.html

Marinus van Aswegen

Hard crusty outside, soft chewy center :)

Paz

The biggest issue, I believe, was the middleware authorization and authentication. Within MQ, whatever access control you implement to the mainframe (actually this does not mean a direct connection; you need some client like EntireX), the user that authenticates over the backend system is always the same. At that point Java 2 security becomes more preventive.
