[Gnumed-devel] security & architecture (was Re: Texlive and Gnumed)

[Gour]

On Tue, 9 Mar 2010 21:53:39 +0100
>>>>>> "Karsten" == <address@hidden> wrote:

Karsten> No need to apologize !  In fact, you can feel proud that you
Karsten> made a difference (for reasons of civility I shall not
Karsten> speculate on whether to the worse or the better :-)

No need to speculate, it's obvisous. :-) :-(

Karsten> > Karsten> I would appreciate if you could investigate and
Karsten> > Karsten> post a detailed report on how they achieve this. If
Karsten> > Karsten> it is possible to do without giving up basic access
Karsten> > Karsten> security we shall like to do as they do !
Karsten> > 
Karsten> > I can try my best...
Karsten> 
Karsten> I'm looking forward to that !

Well, I did not dive into code, but just employed my thinking a bit
and I believe the difference is due to the design...

Tryton is 3-tier architecture which means that the client is very thin
and the client <---> server uses xml-rpc (or net-rpc).

Otoh, the following comment in /etc/trytond.conf reveals why I am able
to create database from login dialog: "db_user must have create
permission for new databases to be able to use automatic database
creation with the Tryton client." which is satisfied in my case.

Moreover, as you can see from
http://code.google.com/p/tryton/wiki/SSLHowto 

it is very easy to put SSL in use to secure communication.

GNUmed, afaict, is more MVC, client is not really thin and that's why
it is not the same situation.


Sincerely,
Gour

-- 

Gour  | Hlapicina, Croatia  | GPG key: F96FF5F6
----------------------------------------------------------------

signature.asc
Description: PGP signature