Message protection

The authentication services provided by WebSphere Event Broker ensure that only legitimate message brokers and client applications can connect to each other. However, a hacker might still be able to observe messages in transit or interfere with messages on established connections. Message protection provides security options to protect your messages against such activities.

You cannot use message protection if you are using 'simple telnet-like password authentication'.

Because the use of message protection can have an adverse effect on the performance of your publish/subscribe system, and because security is not equally important for all messages, you might want to define different levels of message protection for different messages. You do this by assigning a Quality of Protection (QoP) value to each topic in your publish/subscribe system.

There are four QoP values. They give the following levels of protection:
n
This is the default value. It gives no message protection.
c
This provides channel integrity. With this level of protection, hackers are unable to insert or delete messages without being detected.
m
This provides message integrity. With this level of protection, hackers are unable to change the content of a message without being detected.
e
This provides message encryption. With this level of protection, hackers are unable to look at the content of a message.

The protection levels are cumulative. For example, if you specify message encryption, you also get message integrity and channel integrity; if you request message integrity, you also get channel integrity.
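The following added example (not WebSphere Event Broker code, and not a description of how the product implements QoP) models what a receiver can detect at levels n, c and m. It assumes a shared key, a per-message sequence number and HMAC-SHA-256 tags; the frame layout and the names protect and verify_stream are hypothetical. Level e is not modelled.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # assumption: secret shared by broker and client


def _tag(label: bytes, seq: int, body: bytes = b"") -> bytes:
    """HMAC over a purpose label, the sequence number and (optionally) the body."""
    data = label + seq.to_bytes(8, "big") + body
    return hmac.new(KEY, data, hashlib.sha256).digest()


def protect(seq: int, body: bytes, qop: str) -> dict:
    """Sender side: attach the tags that the topic's QoP value calls for."""
    frame = {"seq": seq, "body": body}
    if qop in ("c", "m"):            # channel integrity: authenticate the position
        frame["chan_tag"] = _tag(b"chan", seq)
    if qop == "m":                   # message integrity: also authenticate the content
        frame["msg_tag"] = _tag(b"msg", seq, body)
    return frame


def verify_stream(frames: list, qop: str) -> list:
    """Receiver side: return the problems detectable at the given QoP level."""
    problems, expected = [], 0
    if qop == "n":                   # no protection: nothing can be detected
        return problems
    for frame in frames:
        seq, body = frame["seq"], frame["body"]
        if not hmac.compare_digest(frame.get("chan_tag", b""), _tag(b"chan", seq)):
            problems.append(f"unauthenticated frame claiming seq {seq}")
            continue
        if seq != expected:          # a missing or repeated message breaks the sequence
            problems.append(f"sequence break: expected {expected}, got {seq}")
        expected = seq + 1
        if qop == "m" and not hmac.compare_digest(
                frame.get("msg_tag", b""), _tag(b"msg", seq, body)):
            problems.append(f"content changed in message {seq}")
    return problems


if __name__ == "__main__":
    # Constructed sample stream of three messages at level m, with one removed.
    stream = [protect(i, b"price=10", "m") for i in range(3)]
    print(verify_stream([stream[0], stream[2]], "m"))
```

In this model a changed body passes at level c and is caught only at level m, while a removed message is caught at both, which matches the cumulative ordering described above.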

If any QoP settings are made, all clients that connect to the broker must use a security level that supports message integrity or message encryption.
