We are running OpenMQ 4.4u1 and have multiple queues that use file-based persistence. We are limiting all of our use to the mqssl transport to insure that all of our ObjectMessage instances are encrypted as they are transmitted over our internal network. However, a question came up yesterday that goes to the security of those messages.
The question is this: are the messages when using file-based persistence written to disk in an encrypted format?
I'm guessing that they are simply serialized and anyone that understands Java serialization could deserialize them and read the message content in clear text. If that is the case, we will need to encrypt our message payload prior to transmission if we wish to secure sensitive data included in the messages.