Skip to Main Content
IBM Z Software


This portal is to open public enhancement requests against IBM Z Software products. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas
  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

Status Not under consideration
Categories z/TPF
Created by Guest
Created on Feb 14, 2013

MQ Receive user exit

The customer typically uses the CDCSVRCHL SVRCONN channel to monitor system usage using the Tivoli CDC client but realize that any workstation with MQ client software installed can connect to CDCSVRCHL and MQGET/MQPUT to any queue.  Is there a preferred or recommended way to accomplish the following:

1) restrict MQOPEN/MQPUT/MQGET to queues that are associated with a given SVRCONN channel

2) prevent MQPUT from any client connected to the CDCSVRCHL SVRCONN channel

The security exit can limit the clients based on IP address or some other criteria, (CUIT.CPP SAMPLE3) or if they install a security exit
on the client (Send data to Server) they can exchange information limiting the connection to known clients.

As for limiting the actual API's sent and to which queue's we do not support the Receive User exit which would be able to handle this.

The MQ team in the lab has discussed this request and with SDO/CDC and others using MQ Serverconn channels we can see the value in having a user exit for this.

Idea priority Medium
  • Guest
    Reply
    |
    Apr 17, 2018

    The security exit can be used to prevent clients from connecting.

  • Guest
    Reply
    |
    Apr 17, 2018

    IBM does not intend to do this in the foreseeable future.

  • Guest
    Reply
    |
    Oct 14, 2015

    Due to processing by IBM, this request was reassigned to have the following updated attributes:
    Brand - Servers and Systems Software
    Product family - z Systems Software
    Product - z/TPF

    For recording keeping, the previous attributes were:
    Brand - WebSphere
    Product family - Transaction Processing
    Product - z/TPF

  • Guest
    Reply
    |
    Jan 13, 2014

    Due to processing by IBM, this request was reassigned to have the following updated attributes:
    Brand - WebSphere
    Product family - Transaction Processing
    Product - z/TPF
    Component - z/TPF

    For recording keeping, the previous attributes were:
    Brand - WebSphere
    Product family - Transaction Processing
    Product - z/TPF
    Component - Runtime