MSMQ with transactional support and Transport security - msmq

I am looking for a working reference sample for MSMQ remote receive and remote send with transactional support and transport-level security.
I have looked into the Microsoft documentation, and it talks about message encryption in theory, but I couldn't find a sample.
I know about the WCF implementation; however, it only uses MSMQ as a transit from client to server, whereas I am looking for a console client to push a message from a server, so that the message can later be received by some other client on another server.
Thanks in Advance.

Related

Converse.js - Prosody bosh not offering supported authentication mechanism

Converse.js successfully makes requests to Prosody bosh but the chat client never actually connects. In the console I can see it hitting the bosh endpoint and after each request it outputs to the console:
"Server did not yet offer a supported authentication mechanism. Sending a blank poll request."
I can hit the bosh endpoint from my browser as well, the proxy pass appears to be working as intended and bosh is running and responding to requests.
Any insight is much appreciated.
I came across this issue as well while using the fullpage demo. The problem was because Prosody was forcing encrypted authentication only for client side.
I recommend going into the config file /etc/prosody/prosody.cfg.lua
Look for the code
-- Force clients to use encrypted connections? This option will
-- prevent clients from authenticating unless they are using encryption.
c2s_require_encryption = true
By default for me this was set to true, change this to false
c2s_require_encryption = false
Save it and reboot Prosody
systemctl restart prosody
You could also do
prosodyctl restart
The error message is quite clear. Prosody is not offering a SASL authentication mechanism supported by Converse.
By default Converse supports SCRAM-SHA1, DIGEST-MD5 and PLAIN.
Your XMPP server needs to support one of these.

Do both receiving and sending end need to setup IBM MQ?

My application only reads messages from IBM MQ. I am trying to understand: if one of the ends is only reading messages from the queue, do both the sending and receiving ends need to set up the JMS provider (IBM MQ), connection factories and queue destination? What is the difference between a JMS provider and a queue manager? Who needs to install the JMS provider and the queue manager?
You can think of the queue manager as the server where queues and other MQ objects live. Your application is the client that connects to the server and interacts with the objects there.
IBM MQ server/queue manager IS your JMS provider. Your client application needs the IBM MQ implemented JMS libraries (IBM MQ Classes for JMS) and the JMS api which you can then use in your application to add parameters to your connection factory to connect to the queue manager.
You can see a basic tutorial for a JMS MQ client application here.
Depending on who is in charge of your queue manager and how they have set things up, you should probably not be hard coding the queue manager and queue details in your client application. You should be getting the connection details from the JNDI store if you have an administrator who has set one up for you. See more at the bottom of the JMS tutorial I linked to, for how JMS works.

Configure sip account in FRITZ!Box

This question is very specific to FRITZ!Box 7360. I have the latest firmware installed.
I want to configure a sip account from a provider like Elvero. I tried to follow instructions provided at configuring internet telephone. After configuring I do not see any sip connection attempts reaching the sip server and FRITZ!Box complains that it did not get a response from the server.
This means I cannot receive and make calls through Elvero. Has anyone succeeded in connecting a FRITZ!Box to an external sip provider?

Does Kafka support secure communication?

I have been reading a lot of Apache Kafka documentation, but am unable to find if Kafka supports secured communication between Producers-Brokers, Brokers-Consumers, and especially for inter-data center communication for broker replication.
Update: As of 0.9.0.0 the SSL implementation is added to Kafka. The SSL configuration should be added explicitly on the broker side.
It is even possible to enable SSL for inter-broker communication by adding the following property to the broker's property file.
security.inter.broker.protocol=SSL
Regarding the producer and consumers the SSL is only supported for the new API.
For details regarding generation of the key and certificate and the configuration, please check deploying SSL for Kafka.
Previous Releases
Before 0.9.0.0
Kafka does not support SSL/authentication, and as far as my understanding goes they do not have it in their near-term roadmap. One way could be to use encryption at your end and send the encrypted data through producers. However, they have this discussion regarding implementing security in the future.
Similar discussion can be found here
UPDATE
Thanks to @ppearcy for his findings
Likely things changed since this was posted, but currently security is on the roadmap: https://cwiki.apache.org/confluence/display/KAFKA/Security
There have been patches to support client authentication and secure in transit message delivery but note this has not made it to any production release yet.
There are interesting discussions and future work that includes client authentication, authorization as well as encryption of data at rest: https://www.mail-archive.com/dev@kafka.apache.org/msg11664.html
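A small check for the point made in the update above, that SSL has to be configured explicitly on the broker. This is an added example, not part of the original answer or of Kafka itself; the sample properties and paths are constructed, and it assumes listener names equal their protocol names (no custom listener map).

```python
# Constructed broker config: one TLS listener, one cleartext listener,
# and security.inter.broker.protocol left unset.
SAMPLE = """\
listeners=SSL://0.0.0.0:9093,PLAINTEXT://0.0.0.0:9092
ssl.keystore.location=/path/to/broker.keystore.jks
ssl.keystore.password=changeit
"""

ENCRYPTED = {"SSL", "SASL_SSL"}  # protocols that wrap the connection in TLS


def load_properties(text):
    """Parse key=value lines, skipping blanks and # comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props


def check_broker(text):
    """Return findings for broker settings that leave traffic in cleartext."""
    props = load_properties(text)
    findings = []
    # With no listeners entry the broker listens in cleartext.
    listeners = props.get("listeners", "PLAINTEXT://:9092").split(",")
    protocols = [l.strip().split("://", 1)[0].upper() for l in listeners]
    for listener, proto in zip(listeners, protocols):
        if proto not in ENCRYPTED:
            findings.append(f"cleartext listener: {listener.strip()}")
    # Inter-broker traffic stays PLAINTEXT unless this property is set.
    inter = props.get("security.inter.broker.protocol", "PLAINTEXT")
    if inter not in ENCRYPTED:
        findings.append(f"inter-broker traffic uses {inter}")
    # A TLS listener cannot start without the broker's own key material.
    if ENCRYPTED & set(protocols) and "ssl.keystore.location" not in props:
        findings.append("SSL listener without ssl.keystore.location")
    return findings


if __name__ == "__main__":
    print("\n".join(check_broker(SAMPLE)))
```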

stunnel on Windows for IBM MQ connection

Does anyone have experience with, or just thoughts about, securing MQ TCP communication channels using stunnel?
I am integrating with third-party S.W which has MQ support built in, but it cannot support SSL. So to have some kind of security over the TCP we would like to use stunnel. Does anyone have any thoughts on how to implement this, and any best practices?
I haven't used stunnel so I'll leave that part of the answer to another responder. With regard to WMQ, keep in mind that this will provide you with data privacy and data integrity over the stunnel link but will not give you channel-level services such as WMQ authentication. True, you will have some level of authentication on the stunnel connection itself, but anyone with a TCP route to the QMgr that does not arrive via stunnel will also be able to start that channel.
Your requirement for security obviously includes data privacy. If it also includes authentication and authorization, you might need to use something like BlockIP2 (from http://mrmq.dk) to filter incoming connections on that channel by IP address to ensure they arrive over the stunnel link. Of course, there is nothing to prevent someone at the remote end from specifying any channel name to connect to, so if you secure one channel, you need to secure them all - i.e. make sure that SYSTEM.DEF.* and SYSTEM.AUTO.* channels are disabled or that they use SSL and/or an exit to authenticate the inbound connection.
Finally, be aware that if WMQ is configured to accept the ID presented by the client then the connection has full administrative access and that includes remote code execution. To prevent this you must configure all inbound channels (RCVR, RQSTR, CLUSRCVR and SVRCONN) that are not administrative with a low-privileged ID in the channel's MCAUSER. For any channels that are intended for administrators, authenticate these with SSL. (Hopefully your 3rd party SW is an application and not an administrative tool! Any WMQ admin tool must support SSL or else don't use it!)
So by all means use stunnel to secure this link, just be sure to secure the rest of the QMgr or else anyone who can legitimately connect (or even anonymous remote users if you leave MCAUSER blank and aren't using SSL and/or exits) will just bypass the security or disable it.
There's a copy of the IMPACT presentation Hardening WMQ Security at https://t-rob.net/links/ which explains all this in more detail.
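The channel checks described in the answer above, written as an audit over a channel listing. This is an added example, not part of the original answer: the listing is constructed in the style of runmqsc DISPLAY CHANNEL output, the channel names other than SYSTEM.DEF.SVRCONN are made up, and treating `mqm` as the administrative ID is an assumption.

```python
import re

# Inbound channel types the answer says must carry a low-privileged MCAUSER.
INBOUND = {"RCVR", "RQSTR", "CLUSRCVR", "SVRCONN"}
ADMIN_IDS = {"mqm"}  # assumption: IDs with administrative authority on this QMgr

# Constructed sample in the style of runmqsc DISPLAY CHANNEL output.
SAMPLE = """\
AMQ8414: Display Channel details.
   CHANNEL(SYSTEM.DEF.SVRCONN)             CHLTYPE(SVRCONN)
   MCAUSER( )                              SSLCIPH( )
   SCYEXIT( )
AMQ8414: Display Channel details.
   CHANNEL(APP.STUNNEL.SVRCONN)            CHLTYPE(SVRCONN)
   MCAUSER(appsvc)                         SSLCIPH( )
   SCYEXIT( )
AMQ8414: Display Channel details.
   CHANNEL(ADMIN.SVRCONN)                  CHLTYPE(SVRCONN)
   MCAUSER(mqm)                            SSLCIPH( )
   SCYEXIT( )
AMQ8414: Display Channel details.
   CHANNEL(TO.PARTNER)                     CHLTYPE(SDR)
   MCAUSER( )                              SSLCIPH( )
"""

def parse_channels(text):
    """Split the listing into one {ATTR: value} dict per channel."""
    records = []
    for chunk in text.split("AMQ8414:")[1:]:
        attrs = {k: v.strip() for k, v in re.findall(r"([A-Z]+)\(([^)]*)\)", chunk)}
        records.append(attrs)
    return records

def audit(text):
    """Return (channel, finding) pairs for inbound channels that are open."""
    findings = []
    for ch in parse_channels(text):
        if ch.get("CHLTYPE") not in INBOUND:
            continue  # outbound types do not accept connections
        user = ch.get("MCAUSER", "")
        authenticated = bool(ch.get("SSLCIPH") or ch.get("SCYEXIT"))
        if not user and not authenticated:
            findings.append((ch["CHANNEL"], "blank MCAUSER, no SSL or exit"))
        elif user in ADMIN_IDS and not ch.get("SSLCIPH"):
            findings.append((ch["CHANNEL"], "administrative MCAUSER without SSL"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A channel reached only through stunnel, such as the constructed APP.STUNNEL.SVRCONN, passes because its MCAUSER is a low-privileged ID; the IP filtering the answer mentions is a separate control that this listing does not show.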
Rob - I agree with you. For that only we have MQIPT, which is much better. For stunnel for MQ I have solved the problem.
Keys - You need a .pem key (from Key Manager you can create a .p12 and use OpenSSL to convert it to .pem).
Client side: Download and install stunnel and have the following entries in the config file
cert = XXX.pem
client = yes
[MQ]
accept = 1415
connect = DestinationIP:1415
Server Side:
cert = xxx.pem
client = no
[MQ]
accept = 1415
connect = MQIP:1415
Once you do this, all you have to do is just call amqsputc with the queue name.