Securing access to Java messaging services (JMS)
The Sterling™ Order Management System Software applications use Java™ Messaging Services (JMS) for many reasons, including:
- Intermediate message queue for interoperability or integration reasons. For example, Distributed Order Management could send orders, as messages, to an integration queue to an external system for processing. Similarly, a legacy order capture system could send orders to the Sterling Order Management System Software for order fulfillment.
- Work-in-progress messages that are used by IBM® Sterling B2B Integrator servers. The fulfillment application uses these agent queues as a means to store and dispatch task messages to agent processes.
By default, JMS vendors create queues that allow complete, unrestricted access. As a result, unauthenticated attackers can, at a minimum, do the following:
- Browse messages in queues, which could lead to loss of confidentiality
- Inject new messages or alter existing messages, which could lead to loss of integrity
- Flood message queues with bogus messages, which could lead to loss of availability
Depending on your security threat models, you may want to secure your message queues so that only authenticated users can access the queues and so that messages in flight are encrypted to ensure confidentiality.
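One way to confirm the authentication requirement after the queues are secured, as an added example that is not part of the IBM documentation: the check uses only the standard javax.jms and JNDI APIs against your own JMS provider. The JNDI names `jms/ExampleQCF` and `jms/ExampleAgentQueue` and the environment variables `JMS_CHECK_USER` and `JMS_CHECK_PASSWORD` are hypothetical placeholders.

```java
import javax.jms.Connection;
import javax.jms.ConnectionFactory;
import javax.jms.JMSException;
import javax.jms.JMSSecurityException;
import javax.jms.Queue;
import javax.jms.Session;
import javax.naming.InitialContext;

/** Added example: confirm a secured queue refuses connections that present no credentials. */
public class JmsAccessCheck {

    /** Returns true if the queue can be browsed; false if the provider denies access. */
    static boolean canBrowse(ConnectionFactory cf, Queue queue, String user, String password)
            throws JMSException {
        Connection conn = null;
        try {
            conn = (user == null) ? cf.createConnection() : cf.createConnection(user, password);
            conn.start();
            Session session = conn.createSession(false, Session.AUTO_ACKNOWLEDGE);
            // Browsing is read-only: it does not consume or alter messages.
            session.createBrowser(queue).getEnumeration().hasMoreElements();
            return true;
        } catch (JMSSecurityException denied) {
            return false;
        } finally {
            if (conn != null) conn.close(); // closing the connection closes its sessions
        }
    }

    public static void main(String[] args) throws Exception {
        // Provider URL and context factory are read from jndi.properties on the classpath.
        InitialContext ctx = new InitialContext();
        // Hypothetical JNDI names; use the ones bound for your queues.
        ConnectionFactory cf = (ConnectionFactory) ctx.lookup("jms/ExampleQCF");
        Queue queue = (Queue) ctx.lookup("jms/ExampleAgentQueue");
        // Hypothetical environment variables holding the service account credentials.
        String user = System.getenv("JMS_CHECK_USER");
        String password = System.getenv("JMS_CHECK_PASSWORD");
        if (user == null) throw new IllegalStateException("JMS_CHECK_USER is not set");

        boolean anonymousAllowed = canBrowse(cf, queue, null, null);
        boolean authenticatedAllowed = canBrowse(cf, queue, user, password);
        System.out.println("no credentials:   " + (anonymousAllowed ? "ALLOWED (insecure)" : "denied"));
        System.out.println("with credentials: " + (authenticatedAllowed ? "allowed" : "DENIED (check account)"));
        System.exit(!anonymousAllowed && authenticatedAllowed ? 0 : 1);
    }
}
```

This check covers authentication only. Encryption of messages in flight is configured on the JMS provider and its connection factory and has to be verified separately.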
Client side configuration
After you have secured your JMS resources, refer to the Securing JMS integration topic for instructions on how to configure your IBM application to access those resources.