gnumed-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Gnumed-devel] lab data fetcher/importer connection methods


From: Karsten Hilbert
Subject: Re: [Gnumed-devel] lab data fetcher/importer connection methods
Date: Wed, 16 Feb 2005 06:56:24 +0100
User-agent: Mutt/1.3.22.1i

> > > MediNet's Visual Basic (MS) desktop client
> > > - optionally runs in unattended mode
> > > - is configured by Medinet to hold the account id(s) for the
> > > mailbox(es) [directories] that are to be queried
> > > - runs an interactive session via ssh
> Fair enough.
> > > - ssh connects to MediNet "frontend" server (outside firewall)
> > > - client (??) "calls"(??)
> How?
Well, connecting with ssh gives you a shell. Then just locally
run a shell script on the remote machine. That in turn
fetches, pushes and cleans up.

> > > Manual customer-initiated sftp connections would be a confidentiality
> > > problem because sftp daemons are (apparently) not very good about
> > > restricting navigation across directories. Userid/pw credentials are
> > > not mapped/mappable to individual mailbox directory levels, ergo if a
> > > person connected *manually* there would be nothing to stop them
> > > browsing other directories
> There relying on their remote client to restrict itself to the correct 
> directories?
> That's insane.
It surely is. I wonder how millions of FTP sites (let alone
sftp ones) are restricting their users to directories they
want them to be able to see. Admittedly, FTP servers are a
known culprit for hacks. Carefully paying heed to patching
known issues should get around that, though. Nonetheless the
above is doable with Linux by a competent admin.

Karsten
-- 
GPG key ID E4071346 @ wwwkeys.pgp.net
E167 67FD A291 2BEA 73BD  4537 78B9 A9F9 E407 1346




reply via email to

[Prev in Thread] Current Thread [Next in Thread]