DB design document
Jean-David Beyer
jdbeyer@exit109.com
Wed, 20 Dec 2000 17:45:20 -0500
Patrick Spinler wrote:
>
> Derek Atkins wrote:
> >
> > linas@linas.org writes:
> >
> > > ?
> > > More accurately
> > >
> > > (sql server) || <- - - - - -> || (sql-client-lib <-> gnc_engine <-> ui)
> > >
>
> Earlier in this converstation, Linas mentioned that SSLizing any
> application isn't very difficult.
>
> Certainly for the [GPL, I assume you mean] license databases that we're
> considering using here
> (Postgres, MySQL, ??) we have the source to both the client library and
> server and can do this without a great overhead. I haven't asked but I
> would imagine that the various db development teams would probably
> accept and maintain a submission of a SSLized version of their code.
Probably, but the great advantage of Derek Atkins proposal is that we
need not rely on others to accept an SSL version, and it would be
impossible for the GnuCash team to diddle code in closed-source dbms
products anyway.
Besides, in Derek's proposal, the developers would need only one
implementation of most of the software (e.g., the gnc_client), with
changes only in the gnc_server (in particular, only in the process that
sends the SQL to the dbms server), rather than all over the place in
different libraries for each and every supported dbms. I imagine, for
example, that IBM DB2 UDB will be the last dbms ever to be supported by
the GnuCash team, because it is proprietary and fairly costly. But those
of us who have it would probably prefer to continue using it. I do not
know about others, but I would not be happy running more than one DBMS
on my machine at a time, because of the administrative headaches.
>
> -- Pat
>
> > The problem is that using TCP sockets is completely insecure. This is
> > also a problem with Xlib (which is why many people tunnel X in SSH :)
> > We want to avoid over-the-network communications in-the-clear, by
> > using encryption. I would also like to see modular network
> > authentciation (ala SSL certs or Kerberos tickets). This would imply
> > we want something like:
> >
> > (sql server <-> sql client <-> gnc_server) ||
> > <- - -> ||
> > (gnc_client <-> gnc_engine <-> gnc_ui)
> >
> > This way we can encrypt or authenticate the gnc_client to the
> > gnc_server, and we still gain SQL independence. The gnc_server can be
> > implemented to talk to any SQL server, but the gnc_client/engine/ui
> > need know nothing about the implementation.
> >
> > This approach also buys us the ability to have a local file storage
> > (or local DB) without any modifications to the engine or ui; only the
> > "gnc_client" needs to know.
> >
> > I've also volunteered to write the gnc_server/gnc_client code,
> > provided I am given help with providing the APIs that the engine will
> > need.
> >
> > > --linas
> >
> > -derek
> >
> > --
> > Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
> > Member, MIT Student Information Processing Board (SIPB)
> > URL: http://web.mit.edu/warlord/ PP-ASEL-IA N1NWH
> > warlord@MIT.EDU PGP key available
> >
> > _______________________________________________
> > gnucash-devel mailing list
> > gnucash-devel@lists.gnumatic.com
> > http://www.gnumatic.com/cgi-bin/mailman/listinfo/gnucash-devel
>
> --
> This message does not represent the policies or positions
> of the Mayo Foundation or its subsidiaries.
> Patrick Spinler email: Spinler.Patrick@Mayo.EDU
> Mayo Foundation phone: 507/284-9485
>
> _______________________________________________
> gnucash-devel mailing list
> gnucash-devel@lists.gnumatic.com
> http://www.gnumatic.com/cgi-bin/mailman/listinfo/gnucash-devel
--
.~. Jean-David Beyer Registered Linux User 85642.
/V\ Registered Machine 73926.
/( )\ Shrewsbury, New Jersey
^^-^^ 5:35pm up 16 days, 2:22, 2 users, load average: 2.06, 2.06, 2.01