New: MQ Enterprise Security Suite

Capitalware Inc. would like to announce the official release of MQ Enterprise Security Suite.

MQ Enterprise Security Suite (MQESS) is a new solution that provides authentication and data protection (Channels and Queues) for WebSphere MQ.

MQ Enterprise Security Suite is comprised of:

  • MQ Authenticate Security Exit for Authentication
  • MQ Channel Encryption for Data Protection for Channels
  • MQ Message Encryption for Data Protection for Queues

MQESS operates with WebSphere MQ v6.0 or v7.0 in Windows, Unix, IBM i (OS/400) and Linux platforms.

For more information about MQESS, please go to:
https://www.capitalware.com/mqess_overview.html

Regards,
Roger Lacroix
Capitalware Inc.


New: MQ Message Encryption v1.0.0

Capitalware Inc. would like to announce the official release of MQ Message Encryption v1.0.0.

MQ Message Encryption (MQME) provides encryption for MQ message data while it resides in a queue and in the MQ logs (i.e. all data at rest). In cryptography, encryption is the process of transforming information into an unreadable form (encrypted data). Decryption is the reverse process. It makes the encrypted information readable again. Only those with the key (PassPhrase) can successfully decrypt the encrypted data. MQME uses Advanced Encryption Standard (AES) to encrypt the data. AES is a data encryption scheme, adopted by the US government, that uses three different key sizes (128-bit, 192-bit, and 256-bit).

One of the features that MQME offers is the ability to control who accesses protected queues. This control is obtained through the use of UserID grouping. The group files are implemented in a similar manner to the way they are implemented in Unix and Linux (i.e. /etc/group file). Normally, the ‘mqm’, ‘QMQM’ or ‘MUSR_MQADMIN’ MQ UserIDs or any UserID in the ‘mqm’ group get full access to all messages in all queues. For queues protected by MQME, those privileged UserIds do not get access to the messages in the protected queues unless they are explicitly added to the authorized list of users or groups.

Another feature of MQME is its ability to generate and validate a digital signature for the message. MQME uses SHA-2 to create a cryptographic hash (digital signature) of the message data. The digital signature provides verification that the message data has not been altered.

MQME is an MQ API Exit that operates with WebSphere MQ v5.3, v6.0 or v7.0 in Windows, Unix, IBM i (OS/400) and Linux platforms.

For more information about MQME, please go to:
https://www.capitalware.com/mqme_overview.html

Regards,
Roger Lacroix
Capitalware Inc.
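
The access rule described in the MQ Message Encryption post above (group files in the style of /etc/group, and no implicit access for ‘mqm’ or ‘MUSR_MQADMIN’ on a protected queue), as an added example that is not Capitalware's code. The policy table, queue names, UserIDs and function names are assumptions made for illustration; only the /etc/group line syntax is taken from Unix.

```python
# Added illustration: deny-by-default access to protected queues, driven by
# an /etc/group-style file. The policy layout and every name below are
# assumptions, not MQME's actual configuration format.

GROUP_FILE = """\
# constructed sample, /etc/group syntax: name:password:gid:member,member
mqm:x:1001:mqm,alice
payroll:x:2001:bob,carol
audit:x:2002:dave
"""

# Hypothetical per-queue authorization list: explicit users and groups only.
PROTECTED_QUEUES = {
    "PAYROLL.IN": {"users": {"erin"}, "groups": {"payroll"}},
    "AUDIT.LOG": {"users": set(), "groups": {"audit", "mqm"}},
}


def parse_groups(text):
    """Return {group_name: set(members)} from /etc/group-style text."""
    groups = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 4 or not fields[0]:
            raise ValueError(f"line {lineno}: expected name:password:gid:members")
        members = {m.strip() for m in fields[3].split(",") if m.strip()}
        groups.setdefault(fields[0], set()).update(members)
    return groups


def exit_allows(user_id, queue, groups, policy=PROTECTED_QUEUES):
    """True only if the protected queue's entry names the user or their group."""
    entry = policy.get(queue)
    if entry is None:
        return True  # not a protected queue: this layer does not apply
    if user_id in entry["users"]:
        return True
    # No implicit bypass: even mqm members need their group listed explicitly.
    return any(user_id in groups.get(g, set()) for g in entry["groups"])
```

With the constructed data, ‘mqm’ is refused on PAYROLL.IN but allowed on AUDIT.LOG, where the ‘mqm’ group has been added to the authorized list.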


Why choose MQ Channel Encryption over SSL?

MQ Channel Encryption (MQCE) is priced at $299 USD (volume discounts available) per queue manager plus 15% yearly maintenance and support fee. SSL costs roughly $400 per certificate per year from a 3rd party CA (Certificate Authority). Hence, MQCE’s initial cost is cheaper than SSL and the ongoing yearly cost of MQCE is substantially cheaper than the yearly SSL certificate cost (i.e. $45 vs $400).

When a user purchases MQCE licenses, they receive permanent MQCE license keys (i.e. do not expire). SSL certificates expire yearly. If the MQAdmin forgets to update a queue manager’s SSL certificate and it expires, then the channels using SSL stop working.

If the MQAdmin has 50, 100 or more queue managers, how much time is wasted each year by the MQAdmin, just to update each queue manager’s SSL certificate?

Other Disadvantages of SSL:

  • There is no logging capability to see who accessed which queue manager (MQCE has logging capability).
  • This form of security is only as secure as the integrity of the client side certificates. Anyone who possesses a copy of the certificate will have full access.
  • SSL is dangerous on a Windows PC because a user can copy the ‘keystore’ file to another PC and use the ‘keystore’ to successfully connect to the queue manager from the other PC! (i.e. The user can boot the PC from floppy and copy the ‘keystore’ file to diskette.)

For more information about MQCE, please go to:
https://www.capitalware.com/mqce_overview.html

Food for thought.

Regards,
Roger Lacroix
Capitalware Inc.


Security White Paper

James Michael Stewart of Global Knowledge has written a white paper called: Ten Ways Hackers Breach Security

Here’s the interesting part:

All too often when hacking is discussed, it is assumed that the hacker is some unknown outsider. However, studies have shown that a majority of security violations actually are caused by internal employees.  So, one of the most effective ways for a hacker to breach security is to be an employee. This can be read in two different ways. First, the hacker can get a job at the target company and then exploit that access once they gain the trust of the organization. Second, an existing employee can become disgruntled and choose to cause harm to the company as a form of revenge or retribution.

When are companies going to secure their MQ environments, so that internal employees cannot get access to sensitive/confidential data?

Note: Please do not say we use a firewall, we use RACF (for z/OS) or the channel’s MCAUSER field has a value because that is NOT securing your MQ environment.

Regards,
Roger Lacroix
Capitalware Inc.


New WebSphere MQ v6 End of Service Date

The original WebSphere MQ v6 End of Service date was September 30th, 2011, as noted in my blog posting here:
https://www.capitalware.com/rl_blog/?p=98

Just recently, IBM has changed/updated the WebSphere MQ v6 End of Service date to be September 30th, 2012 (they added one more year).
http://www.ibm.com/software/websphere/support/lifecycle/

http://www.ibm.com/common/ssi/ShowDoc.jsp?docURL=/common/ssi/rep_ca/2/897/ENUS211-072/index.html&breadCrum=DET001PT288&url=buttonpressed=DET001PT008&page=0&user+type=EXT&submit.x=12&submit.y=6&lang=en_US

Regards,
Roger Lacroix
Capitalware Inc.


Flocking

And now for something completely different: flocking (aka group behavior). If you ever had a need for an algorithm that handles flocking then have a look at this article (it's really interesting):
http://harry.me/2011/02/17/neat-algorithms—flocking

Regards,
Roger Lacroix
Capitalware Inc.


New: MQ Channel Encryption v2.0.0

Capitalware Inc. would like to announce the official release of MQ Channel Encryption (MQCE) v2.0.0.

MQCE provides encryption for WebSphere MQ (WMQ) message data over WMQ channels. MQCE operates with Sender, Receiver, Server, Requestor, Cluster-Sender, Cluster-Receiver, Server Connection and Client Connection channels of the WMQ queue managers. MQCE uses Advanced Encryption Standard (AES) to encrypt the data and SHA-2 to create a digital signature.

MQCE operates with WMQ v5.3, v6.0 and v7.0 on Windows, iSeries (OS/400), Unix and Linux environments.

For more information about MQCE go to:
https://www.capitalware.com/mqce_overview.html

Regards,
Roger Lacroix
Capitalware Inc.


New: MQ Channel Encryption for z/OS v2.0.0

Capitalware Inc. would like to announce the official release of MQ Channel Encryption for z/OS (z/MQCE) v2.0.0.

z/MQCE provides encryption for WebSphere MQ (WMQ) message data over WMQ channels. z/MQCE operates with Sender, Receiver, Server, Requestor, Cluster-Sender, Cluster-Receiver, Server Connection and Client Connection channels of the WMQ queue managers. z/MQCE uses Advanced Encryption Standard (AES) to encrypt the data and SHA-2 to create a digital signature.

z/MQCE operates with WebSphere MQ for z/OS v5.3.1, v6.0 and v7.0 on z/OS v1.4 or higher environments.

For more information about z/MQCE go to:
https://www.capitalware.com/mqce_zos_overview.html

Regards,
Roger Lacroix
Capitalware Inc.


Capitalware releases MQRC2 v1.0.0

Do you use IBM’s MQRC program? Do you wish it could display more information? I created an application called MQRC2 to fill this need.

The MQRC2 application can interpret an MQ reason code number (e.g. 2035), MQ reason code symbol (e.g. MQRC_OBJECT_IN_USE) or AMQ message number (e.g. AMQ4005) and display the relevant information from the WebSphere MQ Messages manual.

Note: The information outputted belongs to IBM. Capitalware takes no responsibility for the content.

C:\Capitalware\MQRC2>mqrc2 2035

2035 (X'07F3') MQRC_NOT_AUTHORIZED

Explanation:
The user is not authorized to perform the operation attempted:
- On an MQCONN or MQCONNX call, the user is not authorized to connect to the queue manager.
* On z/OS, for CICS applications, MQRC_CONNECTION_NOT_AUTHORIZED is issued instead.
- On an MQOPEN or MQPUT1 call, the user is not authorized to open the object for the option(s) specified.
* On z/OS, if the object being opened is a model queue, this reason also arises if the user is not authorized to create a dynamic queue with the required name.
- On an MQCLOSE call, the user is not authorized to delete the object, which is a permanent dynamic queue, and the Hobj parameter specified on the MQCLOSE call is not the handle returned by the MQOPEN call that created the queue.
- On a command, the user is not authorized to issue the command, or to access the object it specifies. This reason code can also occur in the Feedback field in the message descriptor of a report message; in this case it indicates that the error was encountered by a message channel agent when it attempted to put the message on a remote queue.

Completion Code:
MQCC_FAILED

Programmer Response:
Ensure that the correct queue manager or object was specified, and that appropriate authority exists.

MQRC2 is licensed under Apache License 2.

Regards,
Roger Lacroix
Capitalware Inc.


MiGLayout v3.7.4 Released

MiG InfoCom has just released MiGLayout v3.7.4.
http://www.miglayout.com

For Java developers writing GUI layouts by hand who want simplicity, power and automatic per-platform fidelity, and who are dissatisfied with the current layout managers in Swing, JavaFX and SWT, MigLayout solves your layout problems. User interfaces created with MigLayout are easy to maintain; you will understand how the layout will look just by looking at the source code.

Regards,
Roger Lacroix
Capitalware Inc.
