When using MQ Light, MQ Light clients and web browsers connect to the MQ Light server. Steps can be taken to restrict access to the MQ Light server, to ensure that only MQ Light clients and web browsers with a legitimate requirement can connect to the server’s resources.


The following unwanted scenarios can occur when no restrictions are applied to applications that connect to an MQ Light server:

  • The connection between an MQ Light client and the server can be interrupted, and be replaced by a connection to a client from an unknown source.
  • Sensitive message data can be received and inspected, and prevented from being delivered to an intended recipient.
  • Messages can be sent to other MQ Light clients, which can disrupt or modify the behavior of other applications.

The MQ Light server implements a Username/Password authentication scheme, that can be used to restrict which clients are allowed to connect to the server. When enabled, the MQ Light server is configured with a username and a password. In order to successfully connect to the MQ Light server, a client must specify the same username and password values.


Username/Password security will restrict access to MQ Light server in environments where you do not have complete control over systems connected to the same network. However, unless the connection between the client and the MQ Light server is protected using SSL/TLS then Username/Password values will be sent in plain text, which would be viewable if intercepted. You can combine Username/Password authentication with SSL/TLS security.



Examples

When the MQ Light server is configured to require Username/Password authentication, the MQ Light User Interface will require you to provide Username/Password credentials before enabling access to it. Additionally, applications that connect to the MQ Light server must specify Username/Password values as part of their application logic.

Join The Discussion

Your email address will not be published.