Re: [Gnumed-devel] System Functional Requirements


From: Holger Patzelt
Subject: Re: [Gnumed-devel] System Functional Requirements
Date: Tue, 22 Mar 2016 01:24:30 +0100

Hello Karsten,

Maybe I am wrong, but I think what Alejandro was looking for was what normally is supposed to be some sort of security classification.

Besides: I would strongly disagree with your statement that timeouts are the job of higher layers.
I am sure we both agree: GNUmed is not some sort of silly user game.
Software like GNUmed contains the sort of data which is mostly agreed as the most sensitive data people are bound to, and systems have to store.
Within my regular job, this kind of data would be ranked into highest security customer data, which would imply that any system storing or using this data would need to use encryption for data storage, at least one-way encryption for passwords, two-factor authentication for admins and definitely timeouts for user logins within the application to make sure that no data can be viewed by any person without permission.
I am far away from being naive. Half of my family works somewhere in the health system or has been working for years. There, minutes can save lives and people have to share desks.
But I know that most of the time the developers simply fail in offering these people the tools they need to have to implement these security levels in a usable way.

If you need an example:
In a large or high-traffic restaurant you have lots of staff and a permanent problem with easily accessible cashing terminals.
What I saw lately as a good example was some sort of USB token for every waiter. Without a key, the terminals were locked; inserting one and some sort of 4-character PIN unlocked the terminal „app“.
I know of some people using YubiKey for this kind of 2-factor auth, some are using Google Authenticator, which I would not find usable here, but sure there are more of these possibilities.
This is what I would like to see at a doctor's place...

bye,
Holger

> Am 20.03.2016 um 15:10 schrieb Karsten Hilbert <address@hidden>:
> 
> On Sun, Mar 20, 2016 at 03:02:55PM +0100, Karsten Hilbert wrote:
> 
>>> User Inactivity Logout - Terminates the user active session after an
>>> specific time of  inactivity:
>>> 
>>>   - If the user has not moved the mouse after 15 minutes,
>>>   disconnect/logout the user and delete the user session.
> 
>> Example One is best served by a screenlocker.
> 
> I should have said desktop environment _session_ lockout.
> 
> Karsten
> -- 
> GPG key ID E4071346 @ eu.pool.sks-keyservers.net
> E167 67FD A291 2BEA 73BD  4537 78B9 A9F9 E407 1346
> 