Securing Microsoft Message Queue Server

   

Microsoft Message Queue Server (MSMQ) implements asynchronous communications by enabling your enterprise application to send messages to, and receive messages from, other application components. This is a significant benefit for your enterprise design: your application can use MSMQ to send messages and continue processing regardless of whether the receiving application is running or reachable over the network. MSMQ makes sure that messages are delivered.

This presents a security problem for your enterprise application. If the network infrastructure has failed, and the message is temporarily held in a queue, how can the queue be protected? Even more basic, how can you protect the message itself from eavesdropping?

The answer is that MSMQ controls access to queues by integrating with the Windows NT Directory Services and object-based Access Control Lists. You can define privileges and access rights, such as who can send to a queue or receive from a queue, on a queue-by-queue basis. MSMQ can also use the Microsoft CryptoAPI to protect message privacy, use checksum on messages for integrity, and digitally sign messages for non-repudiation protection.

For More Information   For an introduction to incorporating cryptographic security with the Microsoft CryptoAPI, see Using the Microsoft CryptoAPI in this chapter. For more information on configuring the security features of Microsoft Message Queue Server, search for "Setting Access Control Security for a Queue" in MSDN Library Visual Studio 6.0.