Re: [Gnumed-devel] Re: GNUmed (debian) servers and security

[Karsten Hilbert]

On Mon, Jan 28, 2008 at 01:38:40PM +0100, RKI Andreas wrote:

>> 3. The server medical data (Postgres cluster for GNUmed, dumps, 
>> downloaded HL7 messages etc) should live on an encrypted partition. 
>> Truecrypt seems to have become the standard for multi-OS encryption but 
>> its license does not qualify for direct Debian distributions. Is it 
>> still wiser / better to use it, over (say) cryptmount?
>>      http://www.debian-administration.org/articles/506
>
> I would stick to the default encryption method that is used at installation
> time.  I admit I did not cared what actually is used.  (I only care about
> things that do not work as I want them to work and there was no need to
> worry about anything so far.)
Which, however, requires to determine whether the defaults
are suitable. Something may work w/o problems but not be
suitable, such as would the lines

local * * * trust
host * * * trust
hostssl * * * trust

at the top of pg_hba.conf. They will allow access just fine
but are NOT suitable.

> BTW, regarding GNUmed server packages: It is not that I would not like to
> build thos packages but I feel that they require a certain amount of time
> to test any make sure that everything works fine.
Absolutely. No one is blaming you.

> I'm currently not able
> to spend much time in a row that I expect to be needed.  I really hope
> (but only _hope_) that it might become better soon.  If you would like
> to speed this up you might perhaps try to prepare some packages and I
> will verify / test / enhance them.
That's why I CC'ed you on the server RPMs such that you
might see how this *can* work and perhaps gain insights for
the DEBs.

Karsten
-- 
GPG key ID E4071346 @ wwwkeys.pgp.net
E167 67FD A291 2BEA 73BD  4537 78B9 A9F9 E407 1346