Re: [Gnumed-devel] Hosting an encrypted pythonic simplehttp GNUmed server
From: Sebastian Hilbert
Subject: Re: [Gnumed-devel] Hosting an encrypted pythonic simplehttp GNUmed server
Date: Sun, 1 Aug 2010 09:58:08 +0200
User-agent: KMail/1.13.3 (Linux/2.6.33-6-desktop; KDE/4.4.5; i686; ; )
On Sunday 01 August 2010, 09:18:54 Jim Busser wrote:
> On 2010-07-30, at 1:42 PM, Sebastian Hilbert wrote:
> >>> The pyjamas web app use the exact same security the wxpython
> >>> app does. the only difference is that it transports the information via
> >>> the http protocol.
>
> Some thoughts…
>
> - users who would connect would be using a standard browser
>
> - we may agree that authentication plus transfer of patient information
> ought to be over an encrypted connection
>
> - simplehttp provides only http
>
Seems like ssl is possible as well
http://code.activestate.com/recipes/442473-simple-http-server-supporting-ssl-secure-communica/
> - how to provide the encryption... do it inside apache?
> http://blog.elzapp.com/docs/apache-proxy
> is there any better alternative?
>
> - the connecting user should point to
> https://<IP or domain name of gnumed server>
> if IP, user would need to ignore the SSL certificate (hostname mismatch)
> if domain name
> - needs to be registered
> - needs an SSL certificate
> - if self-signed, user needs a way to know to trust it, and add to browser
>
> - does server (simplehttp) inside apache need to be listening to port 443?
>
> - or can apache redirect port 443 traffic to simplehttp
>
> - or does some other layer (or device) do this?
>
I cannot comment as I know too little about that.
I believe I have read that Luke modified simplehttp somehow. I guess he can
comment on the ssl part. This is reasonable for using your PC/netbook in an
open WLAN but on an untrusted PC the keylogger installed by the trojans will
give your keystrokes away anyway.
For access from an untrusted PC it might be reasonable to set up some sort of
limited database where you would export only the patients you are likely going
to access during your out of office visit. For any patient not in that
database you would have to call your office staff to copy a record to that
limited database. Or you have an app on your phone for that which can invoke
record copying on demand.
Now I understand where your one-time password quest comes from.
Sebastian
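
The port 443 questions quoted above, as an added example that is not part of the original message or of GNUmed: Apache terminates TLS on 443 and forwards to the Python server as a reverse proxy, so the Python server only needs to speak plain HTTP on a loopback port. The hostname, backend port and certificate paths are assumptions chosen for illustration.

```apache
# Added example: Apache terminates TLS and proxies to the Python HTTP server.
# Assumed placeholders (not from the thread): gnumed.example.org, backend on
# 127.0.0.1:8080, and the certificate/key paths below.
# Needs mod_ssl, mod_proxy, mod_proxy_http and mod_headers enabled.

# Often already present in the distribution's ports.conf.
Listen 443

<VirtualHost *:443>
    ServerName gnumed.example.org

    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/gnumed.example.org.pem
    SSLCertificateKeyFile /etc/ssl/private/gnumed.example.org.key
    # Refuse SSLv3 and TLS 1.0/1.1.
    SSLProtocol -all +TLSv1.2 +TLSv1.3

    # Reverse proxy only; do not act as an open forward proxy.
    ProxyRequests Off
    ProxyPreserveHost On
    # The backend must bind to 127.0.0.1 only, so the cleartext port
    # is not reachable from the network.
    ProxyPass        / http://127.0.0.1:8080/
    ProxyPassReverse / http://127.0.0.1:8080/

    # Lets the backend know the original request arrived over HTTPS.
    RequestHeader set X-Forwarded-Proto "https"
    # Tell browsers to use HTTPS for this host from now on.
    Header always set Strict-Transport-Security "max-age=31536000"
</VirtualHost>

# Plain HTTP exists only to redirect; no login or patient data is served here.
<VirtualHost *:80>
    ServerName gnumed.example.org
    Redirect permanent / https://gnumed.example.org/
</VirtualHost>
```

With this layout the certificate has to match the name users type, which is why connecting by bare IP address produces the hostname mismatch mentioned in the quoted list.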