DB design document

Patrick Spinler spinler.patrick@mayo.edu
Wed, 20 Dec 2000 16:31:14 -0600 

Derek Atkins wrote:
> 
> linas@linas.org writes:
> 
> > ?
> > More accurately
> >
> > (sql server) || <- - - - - -> || (sql-client-lib <-> gnc_engine <-> ui)
> >

Earlier in this converstation, Linas mentioned that SSLizing any
application isn't very difficult.

Certainly for the license databases that we're considering using here
(Postgres, MySQL, ??) we have the source to both the client library and
server and can do this without a great overhead.  I haven't asked but I
would imagine that the various db development teams would probably
accept and maintain a submission of a SSLized version of their code.

-- Pat

> The problem is that using TCP sockets is completely insecure.  This is
> also a problem with Xlib (which is why many people tunnel X in SSH :)
> We want to avoid over-the-network communications in-the-clear, by
> using encryption.  I would also like to see modular network
> authentciation (ala SSL certs or Kerberos tickets).  This would imply
> we want something like:
> 
>  (sql server <-> sql client <-> gnc_server) ||
>                 <- - -> ||
>                         (gnc_client <-> gnc_engine <-> gnc_ui)
> 
> This way we can encrypt or authenticate the gnc_client to the
> gnc_server, and we still gain SQL independence.  The gnc_server can be
> implemented to talk to any SQL server, but the gnc_client/engine/ui
> need know nothing about the implementation.
> 
> This approach also buys us the ability to have a local file storage
> (or local DB) without any modifications to the engine or ui; only the
> "gnc_client" needs to know.
> 
> I've also volunteered to write the gnc_server/gnc_client code,
> provided I am given help with providing the APIs that the engine will
> need.
> 
> > --linas
> 
> -derek
> 
> --
>        Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
>        Member, MIT Student Information Processing Board  (SIPB)
>        URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
>        warlord@MIT.EDU                        PGP key available
> 
> _______________________________________________
> gnucash-devel mailing list
> gnucash-devel@lists.gnumatic.com
> http://www.gnumatic.com/cgi-bin/mailman/listinfo/gnucash-devel

-- 
      This message does not represent the policies or positions
	     of the Mayo Foundation or its subsidiaries.
  Patrick Spinler			email:	Spinler.Patrick@Mayo.EDU
  Mayo Foundation			phone:	507/284-9485