gnumed-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Gnumed-devel] System Functional Requirements


From: Karsten Hilbert
Subject: Re: [Gnumed-devel] System Functional Requirements
Date: Sun, 20 Mar 2016 15:02:55 +0100
User-agent: Mutt/1.5.24 (2015-08-30)

On Sun, Mar 20, 2016 at 08:39:30AM -0500, Alejandro Velasco Dimate wrote:

> For example, something like this:
> 
> "......
> 
> User Inactivity Logout - Terminates the user active session after an
> specific time of  inactivity:
> 
>    - If the user has not moved the mouse after 15 minutes,
>    disconnect/logout the user and delete the user session.
> 
> .....
> 
> User password - must match the folowing criteria:
> 
>    - The user password must contain at least one number and one Capital
>    letter.
>    - Must be encripted by using a SHA1 algorithm
> 
> ....
> "
> Or something even more detailed.

Hi Alejandro,

I see what you mean.

Neither of the above is GNUmed's core job (quite apart from
whether the examples actually make any technical sense). Both
examples should be implemented by layers outside GNUmed.
Example One is best served by a screenlocker.
Example Two is usually done by site policy, and possibly
enforced by means specific to PostgreSQL.

Given the fact that jurisdictions differ in what flags they
think need to be waved GNUmed doesn't try to adhere to any
one particular idea of what auditors think security is made
of.

GNUmed tries to provide useful functionality without
knowingly throwing the doors open wider than necessary.

Patches are welcome, of course.

Karsten
-- 
GPG key ID E4071346 @ eu.pool.sks-keyservers.net
E167 67FD A291 2BEA 73BD  4537 78B9 A9F9 E407 1346



reply via email to

[Prev in Thread] Current Thread [Next in Thread]