|
| From: | J Busser |
| Subject: | [Gnumed-devel] GNUmed options for security (authentication) including kerberos |
| Date: | Fri, 15 Dec 2006 09:26:19 -0800 |
I was looking over some wiki pages and came acrosshttp://salaam.homeunix.com/bin/view/Gnumed/ DebianKerberosLDAPBindGnumedWalkthrough
Am I correct that a browser based client (like Oscar) --- if required to use https --- avoids interception (in the clear) of the user's id and password at any point along the network?
Am I correct to think that when one accesses a GNUmed server that was set up following the basic installation procedures, there is no protection against such interception, unless extra measures (like kerberization of the server as per Syan's notes) are taken?
If skipping this step or equivalent could be considered poor practice (poor protection of access to patient data) then must we make some reference to this in the installation notes?
Related questions:- are there any extra dependencies for client machines to access kerberized GNUmed or do the basic installations of Linux distros and Windows include support for kerberos so the user would need set up nothing extra on the client machine(s)?
- when adding a new office worker or doctor into kerberized GNUmed would each new person somehow have to be separately registered with kerberos? Would this require user maintenance of a public and private key separate from their GNUmed userid & password?
- though some recommend the kerberos server run no other processes would people feel it is reasonable to run postgres and to serve GNUmed on the same server? Are there additional process that people feel should run on the same server or on a different machine, for example the fetching of results and the handling of email... different machine??? Would running different virtual machines on the same physical machine be a good way to achieve what is desirable, supposing data could be "pushed" across the machines as required?
| [Prev in Thread] | Current Thread | [Next in Thread] |