1

I am currently evaluating whether MSMQ is going to be suitable for use in an application that is sold to large companies. MSMQ will be used to send messages between multiple processes on the same machine, with the possibility of these separate processes being put onto separate machines later on.

As part of this evaluation, I need to consider the security implications of deploying and using MSMQ as part of our application, and what restrictions this may put on us (eg. by having the IT departments at those large companies not allow MSMQ for security reasons). As I'm just evaluating MSMQ, I don't know much about its set-up.

What would worry you about installing an application inside your company that uses MSMQ?

adrianbanks
  • 157
  • 7

1 Answers1

1

There are no security reasons for not having MSMQ in a large company's IT infrastructure.

Do you want to make MSMQ secure? If so then use certificates to encrypt messages on the wire and authenticate user accounts. Don't use Windows security as SIDs can easily be spoofed in a message. Useful for resisting DOS attacks. You can also use SSL to send messages over HTTPS.

If instead you are looking at reliability and stability then this blog post should help: Insufficient Resources? Run away, run away!

John Breakwell
  • 757
  • 5
  • 11