Selection criteria

You should use an authenticator if you need to provide additional controls to prevent access to the local data by unauthorized users. In some ways using an authenticator is unnecessary since providing the key password automatically limits access to those who know this secret.

Queue-based security, uses mini-certificate based mutual authentication, and message-level protection.

which uses digital signature. In the case of mutual authentication it is normal to think about authentication between two users or two applications. WebSphere® MQ Everyplace® deliberately separates the concepts of target of authentication anduser. This means that, internally, WebSphere MQ Everyplace authenticates all queue managers that can either originate or be the target of mini-certificate dependent services. In addition, WebSphere MQ Everyplace also authenticates queues that are defined to use mini-certificate based authenticators. Therefore, a queue manager that supports these services may authenticate only the queue manager, or the queue manager and every queue that uses the certificate based authenticator.

The choice of cryptor is driven by the strength of protection required. The stronger the encryption, the more difficulty an attacker would face when trying to get illegal access to the data. Data protected with symmetric ciphers that use 128 bit keys is acknowledged as more difficult to attack than data protected using ciphers that use shorter keys. However, in addition to cryptographic strength, the selection of a cryptor may also be driven by many other factors. An example is that some financial solutions require the use of triple DES in order to get audit approval.

You should use a compressor if you need to optimize the size of the protected data. However, the effectiveness of the compressor depends on the content of the data. The Java™ MQeRleCompressor and the C MQE_RLE_COMPRESSOR perform run length encoding. This means that the compressor routines compress or expand repeated bytes. Hence it is effective in compressing and decompressing data with many repeated bytes. MQeLZWCompressor uses the LZW scheme. The simplest form of the LZW algorithm uses a dictionary data structure in which various words, or data patterns, are stored against different codes. This compressor is likely to be most effective where the data has a significant number of repeating words, or data patterns. The MQeGZIPCompressor uses the same compression algorithm as the gzip command on UNIX®. This searches for repeating patterns in the data and replaces subsequent occurrences of a pattern with a reference back to the first occurrence of the pattern.


Terms of use | WebSphere software

(c) Copyright IBM Corporation 2004, 2005. All rights reserved.