Compartilhar via


MSMQ Security (Windows CE 5.0)

Send Feedback

To provide a more secure environment, the default Message Queuing (MSMQ) registry setup in the embedded implementation of MSMQ is more restrictive.

For example, to prevent a rogue application from causing a denial of service for a device, MSMQ limits the quota for message storage instead of allowing unlimited storage. The registry allows developers to configure MSMQ for optimal deployment.

Best Practices

Consider the following best practices.

Limit the size for storage and size of incoming and outgoing messages

The default registry setup limits the size of queue quota for incoming and outgoing messages, as well as a system-wide quota. This prevents a denial of service when the system becomes overwhelmed with high traffic that depletes limited resources.

The following registry values set the quota:

  • DefaultQuota
  • DefaultLocalQuota
  • MachineQuota

For more information, see MSMQ Registry Settings.

Set up a trusted environment

The default MSMQ registry setup sets the UntrustedNetwork registry value to "Yes" to minimize exposure to unknown networks.

This setting prevents message routing.

You can change the MSMQ behavior using the registry or the MSMQAdm utility. For more information, see MSMQ Registry Settings and Using the MSMQAdm Utility.

Select the appropriate protocol

When MSMQ is registered as a service, it no longer processes messages unless you enable the protocol–native MSMQ or the SOAP-based MSMQ.

You can use the registry or the MSMQAdm utility to configure the service.

To enable the SOAP-based MSMQ, set the SRMPEnabled value to "Yes".

To enable the native MSMQ, set the BinaryEnabled value to "Yes"; then set UntrustedNetwork value to "Yes".

For more information, see MSMQ Registry Settings and Using the MSMQAdm Utility.

The following example illustrates the MSMQAdm commands to enable and disable the MSMQ protocols.

;default activation
msmqadm register srmp
msmqadm start

;enter private network
msmqadm stop
msmqadm enable srmp               ;sets SRMPEnabled to "Yes"
msmqadm enable trust              ;sets UntrustedNetwork to "No"
msmqadm start

;leave the private network
msmqadm stop
msmqadm disable srmp              ;sets SRMPEnabled to "No"
msmqadm disable trust             ;sets UntrustedNetwork to "Yes"
msmqadm start

Default Registry Settings

Be aware of registry settings that impact security. If a value has security implications you will find a Security Note in the registry settings documentation.

For MSMQ registry information, see MSMQ Registry Settings.

Ports

The following ports are used by MSMQ.

For more information, see MSMQ Registry Settings.

Port number Registry value
3527 PingPort
1801 Port

See Also

Message Queuing | MSMQ Application Development | MSMQ Registry Settings | Enhancing the Security of a Device

Send Feedback on this topic to the authors

Feedback FAQs

© 2006 Microsoft Corporation. All rights reserved.