Re: [Gnumed-devel] Re: GNUmed (debian) servers and security
From: Karsten Hilbert
Subject: Re: [Gnumed-devel] Re: GNUmed (debian) servers and security
Date: Mon, 28 Jan 2008 16:09:54 +0100
User-agent: Mutt/1.5.17+20080114 (2008-01-14)

On Sun, Jan 27, 2008 at 10:08:31PM -0800, James Busser wrote:
> Partly, I am thinking that when trying to access GNUmed from inside a
> hospital, many hospitals are strict about port egress. It is possible
> that they may allow only ports 80 and 443.
>
> Would it therefore work to configure a client (that needed to connect
> from inside a hospital) to connect to a GNUmed server on port 443?
Yes. One sets the port to 443 in the relevant profile in the
config file.
> This
> scenario would require that the server has port redirection set up, to
> forward the incoming request to Postgres port 5432. (?)
Yes, or else it could (should) be a third machine outside
the hospital in front of the database server. To "properly"
do this by conventional wisdom one would set up the PG server
inside the De-Militarized Zone of the target network and
have port redirection 443 -> 5432 inside a fence host at the
border between outside and DMZ.
> For the SSL to be supported, must Apache be used, and must it perhaps be
> added to postgres as a user?
Neither. PostgreSQL must be linked against OpenSSL at
compile time.
> By the way, does GNUmed set Postgres to use non-trust authentication
> and, for passwords, do GNUmed/postgres authenticate using md5, crypt or
> password (hopefully md5) :-)
We can't say this often enough: GNUmed does NOT require
Postgres to use any specific authentication method. In fact,
it doesn't care *how* it gets in. It fully defers that
decision to the PostgreSQL admin who *must choose* locally
suitable values.
The only assumption GNUmed makes of the server configuration
is that "any role in the groups "gm-logins" and "gnumed_vX"
(whatever X is at the time) can connect" and it is prepared
to supply a password if need be.
Karsten
--
GPG key ID E4071346 @ wwwkeys.pgp.net
E167 67FD A291 2BEA 73BD 4537 78B9 A9F9 E407 1346
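
Since the message leaves the choice of authentication method to the PostgreSQL admin, the following added example (not part of the original message and not GNUmed code) audits pg_hba.conf records for the methods named in the thread. The sample records are constructed, the function names are hypothetical, and the policy it applies (flag remote `trust`, `crypt`, `password` without TLS, and any record that does not require TLS) is an assumption, not a GNUmed requirement.

```python
import ipaddress

# Constructed sample; database and group names are taken from the message above.
SAMPLE = """\
# TYPE   DATABASE   USER        ADDRESS                    METHOD
local    all        postgres                               ident
host     gnumed_vX  +gm-logins  0.0.0.0/0                  trust
host     gnumed_vX  +gm-logins  10.0.0.0/8                 md5
host     gnumed_vX  +gm-logins  192.168.1.0/24             password
hostssl  gnumed_vX  +gm-logins  0.0.0.0/0                  md5
host     all        all         127.0.0.1 255.255.255.255  trust
"""

def address_and_method(fields):
    """Return (address, method); accepts the two-field 'IP netmask' form."""
    if "/" not in fields[3] and len(fields) > 5:
        try:
            net = ipaddress.ip_network(f"{fields[3]}/{fields[4]}", strict=False)
            return str(net), fields[5]
        except ValueError:
            pass  # hostname or keyword followed by a method and an option
    return fields[3], fields[4]

def is_loopback(address):
    try:
        return ipaddress.ip_network(address, strict=False).is_loopback
    except ValueError:
        return False  # hostname, "all", "samenet": treat as remote

def audit(text):
    """Return (line_no, reason) pairs for records that are weak for remote logins."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 5 or not fields[0].startswith("host"):
            continue  # blank, comment or local (Unix socket) record
        address, method = address_and_method(fields)
        if is_loopback(address):
            continue  # loopback-only records are out of scope for this check
        tls_required = fields[0] == "hostssl"
        if method == "trust":
            findings.append((no, "trust: no authentication for remote clients"))
        elif method == "crypt":
            findings.append((no, "crypt: obsolete, removed in PostgreSQL 8.4"))
        elif method == "password" and not tls_required:
            findings.append((no, "password: sent in cleartext without TLS"))
        if not tls_required:
            findings.append((no, "TLS not required for this record"))
    return findings
```

Calling `audit(SAMPLE)` reports lines 3, 4 and 5 of the sample; the `hostssl ... md5` record and the loopback record produce no findings.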