Data integrity in IBM MQ

You can use a data integrity service to detect whether a message has been modified.

Data integrity can be ensured in an IBM® MQ environment as follows:
  • You can use TLS to detect whether the contents of a message have been deliberately modified while it was being transmitted over a network. In TLS, the message digest algorithm provides detection of modified messages in transit.

    All IBM MQ CipherSpecs provide a message digest algorithm, except for TLS_RSA_WITH_NULL_NULL, which does not provide message data integrity.

    IBM MQ detects modified messages upon receiving them; on receiving a modified message, IBM MQ throws an AMQ9661 error message and the channel stops.

  • While messages are stored on a local queue, the access control mechanisms provided by IBM MQ might be considered sufficient to prevent deliberate modification of the contents of the messages.

    However, for a greater level of security, you can use Advanced Message Security to detect whether the contents of a message have been deliberately modified between the time the message was put on the queue and the time it was retrieved from the queue.

    Upon detecting a modified message, the application attempting to receive the message receives a 2063 return code and, if using an MQGET call, the message is moved to the SYSTEM.PROTECTION.ERROR.QUEUE.
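
The CipherSpec point in the TLS item above can be checked against a queue manager's channel definitions. The following is an added example, not IBM code: it parses captured output of the MQSC command `DISPLAY CHANNEL(*) SSLCIPH` and reports channels that get no integrity protection in transit. The sample output and channel names are constructed, the function names are hypothetical, and flagging a blank SSLCIPH (TLS not in use on that channel) goes one step beyond the single CipherSpec the page names.

```python
import re

# CipherSpecs the page identifies as providing no message digest.
NO_INTEGRITY_CIPHERSPECS = {"TLS_RSA_WITH_NULL_NULL"}

# Constructed sample of `DISPLAY CHANNEL(*) SSLCIPH` output from runmqsc.
SAMPLE_MQSC_OUTPUT = """\
AMQ8414I: Display Channel details.
   CHANNEL(APP.SVRCONN)                    CHLTYPE(SVRCONN)
   SSLCIPH(TLS_RSA_WITH_AES_256_GCM_SHA384)
AMQ8414I: Display Channel details.
   CHANNEL(LEGACY.TO.QM2)                  CHLTYPE(SDR)
   SSLCIPH(TLS_RSA_WITH_NULL_NULL)
AMQ8414I: Display Channel details.
   CHANNEL(TEST.TO.QM3)                    CHLTYPE(SDR)
   SSLCIPH( )
"""

# MQSC prints attributes as NAME(value), several per line.
ATTR = re.compile(r"(\w+)\(([^)]*)\)")


def parse_channels(mqsc_output):
    """Split runmqsc output into one attribute dict per channel."""
    channels, current = [], None
    for line in mqsc_output.splitlines():
        if line.startswith("AMQ8414"):      # start of a new channel record
            current = {}
            channels.append(current)
        elif current is not None:
            for name, value in ATTR.findall(line):
                current[name] = value.strip()
    return [c for c in channels if "CHANNEL" in c]


def audit_integrity(mqsc_output):
    """Return (channel, reason) pairs for channels without a message digest."""
    findings = []
    for chl in parse_channels(mqsc_output):
        spec = chl.get("SSLCIPH", "")
        if not spec:
            # Assumption beyond the page: a blank SSLCIPH means no TLS at all.
            findings.append((chl["CHANNEL"], "no CipherSpec set, TLS not in use"))
        elif spec.upper() in NO_INTEGRITY_CIPHERSPECS:
            findings.append((chl["CHANNEL"], f"{spec} has no message digest"))
    return findings


if __name__ == "__main__":
    for name, reason in audit_integrity(SAMPLE_MQSC_OUTPUT):
        print(f"{name}: {reason}")
```
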