MSMQ Security
MSMQ Security
Windows Mobile SupportedWindows Embedded CE Supported
8/28/2008

To provide a more secure environment, the default Message Queuing (MSMQ) registry setup in more restrictive.

For example, to prevent a rogue application from causing a denial of service for a device, MSMQ limits the quota for message storage instead of allowing unlimited storage. The registry allows developers to configure MSMQ for optimal deployment.

Best Practices

Consider the following best practices.

Limit the size for storage and size of incoming and outgoing messages

The default registry setup limits the size of queue quota for incoming and outgoing messages, as well as a system-wide quota. This prevents a denial of service when the system becomes overwhelmed with high traffic that depletes limited resources.

The following registry values set the quota:

  • DefaultQuota
  • DefaultLocalQuota
  • MachineQuota

For more information, see MSMQ Registry Settings.

Set up a trusted environment

The default MSMQ registry setup sets the UntrustedNetwork registry value to "Yes" to minimize exposure to unknown networks.

This setting prevents message routing.

You can change the MSMQ behavior using the registry or the MSMQAdm utility. For more information, see MSMQ Registry Settings and Using the MSMQAdm Utility.

Select the appropriate protocol

When MSMQ is registered as a service, it no longer processes messages unless you enable the protocol–native MSMQ or the SOAP-based MSMQ.

You can use the registry or the MSMQAdm utility to configure the service.

To enable the SOAP-based MSMQ, set the SRMPEnabled value to "Yes".

To enable the native MSMQ, set the BinaryEnabled value to "Yes"; then set UntrustedNetwork value to "Yes".

For more information, see MSMQ Registry Settings and Using the MSMQAdm Utility.

The following example illustrates the MSMQAdm commands to enable and disable the MSMQ protocols.

;default activation
msmqadm register srmp
msmqadm start

;enter private network
msmqadm stop
msmqadm enable srmp               ;sets SRMPEnabled to "Yes"
msmqadm enable trust              ;sets UntrustedNetwork to "No"
msmqadm start

;leave the private network
msmqadm stop
msmqadm disable srmp              ;sets SRMPEnabled to "No"
msmqadm disable trust             ;sets UntrustedNetwork to "Yes"
msmqadm start
Default Registry Settings

Be aware of registry settings that impact security. If a value has security implications you will find a Security Note in the registry settings documentation.

For MSMQ registry information, see MSMQ Registry Settings.
Ports

The following ports are used by MSMQ.

For more information, see MSMQ Registry Settings.

Port number Registry value

3527

PingPort

1801

Port

See Also

Concepts

MSMQ Registry Settings

Other Resources

Message Queuing
Message Queuing
Enhancing the Security of a Device
Community Content

Is this translated from Chinese by a Non-Native Speaker?
Added by:Thomas Lee
"To provide a more secure environment, the default Message Queuing (MSMQ) registry setup in more restrictive."
© 2009 Microsoft Corporation. All rights reserved.   Terms of Use | Trademarks | Privacy Statement
Page view tracker
Rate the Lightweight library
x
Lightweight builds on ScriptFree (loband) by adding features you've requested: a SearchBox and default code language selection.
Do you like the SearchBox?
Do you like the tabbed code blocks?
How useful is this topic?
Tell us more.
Thanks
x
You're helping to improve MSDN Online.
Feedback
Switch View
x
Classic
Lightweight Beta
ScriptFree
Switch View