![]() |
This section highlights information relevant to secure deployment. We recommend that all administrators read this section. |
To ensure secure deployment, EMS administration must meet the following criteria:
Three interacting factors affect the security of destinations (that is, topics and queues). In a secure deployment, you must properly configure all three of these items:
authorization
parameter (see Authorization Parameter, below)secure
property of individual destinations (see secure
)
The server’s authorization
parameter acts as a master switch for checking permissions for connection requests and operations on secure destinations. The default value of this parameter is disabled
the server does not check any permissions, and allows all operations. For secure deployment, you must enable this parameter.
admin
password is no password at all. Until you set an actual password, the user admin
can connect without a password. Once the administrator password has been set, the server always requires it.
admin
password immediately after installation; see Assign a Password to the Administrator.
When authorization
is enabled, the server requires a name and password before users can connect. Only authenticated users can connect to the server. The form of authentication can be either an X.509 certificate or a username and password (or both).
When authorization
is disabled, the server does not check user authentication; all user connections are allowed. However, even when authorization
is disabled, the user admin
must still supply the correct password to connect to the server.
Even when authorization
is enabled, the administrator (admin
) may explicitly allow anonymous user connections, which do not require password authorization. To allow these connections, create a user with the name anonymous
and no password.
For more information on destination security, refer to the destination property secure, and Adding the secure Property to the Topic.
For communication security between servers and clients, and between servers and other servers, you must explicitly configure SSL within EMS; see Using the SSL Protocol.
SSL communication requires software to implement SSL on both server and client. The EMS server includes the OpenSSL implementation. Java client programs must use either JSSE (part of the Java environment) or separately purchased SSL software from Entrust; neither of these are part of the EMS product. C client programs can use the OpenSSL library shipped with EMS.
The server uses only one source of X.509 certificate authentication data, namely, the server parameter ssl_server_trusted
(its value is set in EMS an configuration file). See ssl_server_trusted
.
The server can use two sources of secure password authentication data:
You must safeguard the security of EMS configuration files and LDAP servers.
The administration tool can either include or omit a timestamp associated with the output of each command. To ensure a secure deployment, you must explicitly enable the timestamp feature. Use the following administration tool command:
EMS software does not automatically enforce such standards for passwords. You must enforce such policies within your organization.
Audit information is output to log files (and stderr
), and is configured by the server parameters log_trace
and console_trace
(see Tracing and Log File Parameters).
The DEFAULT
setting includes +ADMIN
, so all administrative operations produce audit output. For further details, see Table 35, Server tracing options (Sheet 1 of 2).
Audit information in log files is always timestamped.
Administrators can read and print the log files for audit review using tools (such as text editors) commonly available within all IT environments. EMS software does not include a special tool for audit review.
TIBCO Enterprise Message Service™ User’s Guide Software Release 4.3, February 2006 Copyright © TIBCO Software Inc. All rights reserved www.tibco.com |