Protection of database authentication details
If you are using user name and password authentication to connect to the database manager, you can store the credentials in the MQ XA credentials store to avoid storing the password in plain text in the qm.ini file.
Update XAOpenString for the resource manager
To use the credentials store you must modify XAOpenString in the qm.ini
file. The string is used to connect to the database manager. You specify replaceable fields to
identify where the user name and password are substituted within the XAOpenString string.
- The +USER+ field is replaced with the user name value stored in the XACredentials store.
- The +PASSWORD+ field is replaced with the password value stored in the XACredentials store.
The following examples show how to modify an XAOpenString to use the credentials file to connect to the database.
- Connecting to a Db2® database

    XAResourceManager:
      Name=mydb2
      SwitchFile=db2swit
      XAOpenString=db=mydbname,uid=+USER+,pwd=+PASSWORD+,toc=t
      ThreadOfControl=THREAD

- Connecting to an Oracle database

    XAResourceManager:
      Name=myoracle
      SwitchFile=oraswit
      XAOpenString=Oracle_XA+Acc=P/+USER+/+PASSWORD++SesTm=35 +LogDir=/tmp+threads=true
      ThreadOfControl=THREAD
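An added example, not part of the IBM documentation: a Python check that reads qm.ini text and reports XAResourceManager stanzas whose XAOpenString still carries a literal user name or password instead of +USER+ and +PASSWORD+. It assumes only the two open-string forms shown above (Db2 uid=/pwd= and Oracle Acc=P/user/password); the resources legacydb2 and legacyora and their values are constructed.

```python
import re

def xa_stanzas(ini_text):
    """Return one {attribute: value} dict per XAResourceManager stanza."""
    stanzas, current = [], None
    for line in map(str.strip, ini_text.splitlines()):
        if not line or line[0] in "#;":              # blank line or comment
            continue
        if line.endswith(":") and "=" not in line:   # stanza header, e.g. "Log:"
            current = {"_stanza": line[:-1]}
            stanzas.append(current)
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)          # the value itself contains "="
            current[key.strip()] = value.strip()
    return [s for s in stanzas if s["_stanza"] == "XAResourceManager"]

def literal_credentials(ini_text):
    """Return sorted (resource, field) pairs not using a placeholder; values are never returned."""
    found = set()
    for stanza in xa_stanzas(ini_text):
        name, xa = stanza.get("Name", "<unnamed>"), stanza.get("XAOpenString", "")
        # Db2 form shown on the page: ...,uid=<user>,pwd=<password>,...
        for field, placeholder in (("uid", "+USER+"), ("pwd", "+PASSWORD+")):
            m = re.search(rf"(?:^|,)\s*{field}=([^,]*)", xa)
            if m and m.group(1).strip() != placeholder:
                found.add((name, field))
        # Oracle form shown on the page: +Acc=P/<user>/<password>+NextField=...
        m = re.search(r"\+Acc=P/(.*?)/(.*?)(?=\+\w+=|$)", xa)
        if m and m.group(1) != "+USER+":
            found.add((name, "Acc user"))
        if m and m.group(2) != "+PASSWORD+":
            found.add((name, "Acc password"))
    return sorted(found)

# Constructed qm.ini fragment; legacydb2 and legacyora are hypothetical resources.
SAMPLE_QM_INI = """\
XAResourceManager:
   Name=mydb2
   XAOpenString=db=mydbname,uid=+USER+,pwd=+PASSWORD+,toc=t
XAResourceManager:
   Name=legacydb2
   XAOpenString=db=mydbname,uid=appuser,pwd=ConstructedPw1,toc=t
XAResourceManager:
   Name=legacyora
   XAOpenString=Oracle_XA+Acc=P/+USER+/ConstructedPw2+SesTm=35+threads=true
"""
if __name__ == "__main__":
    for resource, field in literal_credentials(SAMPLE_QM_INI):
        print(f"{resource}: {field} is a literal value in XAOpenString")
```

The check reports only the resource name and the field, so its output can be logged without exposing the credential it found.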
Work with the database credentials in the MQ XA credentials store
After you update the qm.ini file with the replaceable credential strings, you must add the user name and password to the MQ credentials store by using the setmqxacred command. You can also use setmqxacred to modify existing credentials, delete credentials, or list credentials. The following examples give some typical use cases:
- Adding credentials

  The following command securely saves the user name and password for the queue manager QM1 for the resource mydb2.

    setmqxacred -m QM1 -x mydb2 -u user1 -p Password2

- Updating credentials

  To update the user name and password used to connect to a database, re-issue the setmqxacred command with the new user name and password:

    setmqxacred -m QM1 -x mydb2 -u user3 -p Password4

  You must restart the queue manager for the changes to take effect.

- Deleting credentials

  The following command deletes the credentials:

    setmqxacred -m QM1 -x mydb2 -d

- Listing credentials

  The following command lists credentials:

    setmqxacred -m QM1 -l