This document applies only to the following language version(s): English
Question
What is the purpose of MQEnvironment.password?
Does it get validated at the OS level?
When running a WebSphere MQ Java™ Client program, you supply values in the MQEnvironment.userID and the MQEnvironment.password. However, it seems that MQ ignores the MQEnvironment.password,
You find that you have access to queues, regardless of the value of the password (even if the password is not a valid one).
Answer The MQEnvironment.password is used by a user written security exit program. If a password supplied by an application has to be validated, then you must have a security exit that validates the password.
The validation of the userID is done at the operating system level.
Additional information WebSphere MQ validates only the userID passed from the client application and the password is always ignored.
Client side: If a security exit is defined for the client, then this security exit may validate the password. If a security exit is not defined for the client, then the value of the password is transmitted to the server.
Server side: If a security exit is defined for the server, then this security exit might validate the password. If a security exit is not defined for the server, then the value of the password is ignored.