On Sun, Dec 10, 2000 at 01:50:02PM -0500, Derek Atkins wrote:
> One of my personal requirements is strong security. This implies data
> encryption, data integrity, and cryptographic user authentication
> between the GnuCash engine and the Database datastore (especially if
> they are on different machines). How does an application communicate
> to the database? I want to make sure that GnuCash doesn't depend upon
> e.g. PostgreSQL's network security model.
So what are the requirements? What exactly do you mean by strong
security?
> The architecture that I envision basically has three parts, the
> Database filestore, the GnuCash Engine, and the GnuCash UI. The
> network connection can be either between the UI and the Engine, or
> between the Engine and the Filestore. (I suppose that there could be
> a network connection between all three pieces, but I'm not sure why
> one would do that).
Why, one would do it for buzzword compliance, of course! Look, honey,
my app is n-tier!
The same project I have referred to before here, which was an
automated medical bill review project, had no less than 5 application
servers. And it was *still* as slow as a dog.
And, lest you quiver with fear, I did *not* architect that system. I
was but a poor programmer forced to work with it. :'(
> I would like to have an architecture where "standard" access to the
> data (i.e. not using the DB Admin interfaces) would require strong
> cryptographic security. This implies that data stored in the database
> would require ACL information tied to each object in order to
> authorize access.
>
> David, as your move forward with DB schema, I'd like to work with you
> on a viable security model. Unfortunately I don't understand enough
> about SQL or databases to really understand how we might interpose
> ourselves across the network.
I know plenty about databases, but only bits and pieces about
security. Hopefully between us and others on the project we'll get it
done right.
--
Dr. David C. Merrill http://www.lupercalia.net
Linux Documentation Project [EMAIL PROTECTED]
Collection Editor & Coordinator http://www.linuxdoc.org
Finger me for my public key
I never vote for anyone. I always vote against.
-- W.C. Fields
_______________________________________________
gnucash-devel mailing list
[EMAIL PROTECTED]
http://www.gnumatic.com/cgi-bin/mailman/listinfo/gnucash-devel
