rpc server
Derek Martin
ddm@pizzashack.org
Wed, 12 Sep 2001 21:49:17 -0400
On Wed, Sep 12, 2001 at 04:14:54PM -0500, Linas Vepstas wrote:
> (The idea was that rpc provides a better/more secure/more portble
> interface than simply shipping postgres sql over the network).
While that may be true strictly speaking (or may not--I'm not all that
familiar with SQL databases, and I'm completely unfamiliar with your
interface), RPC is itself still not terribly secure. The protocol
depends on IP/DNS information which is fairly easily spoofed,
especially at poorly administered sites (like many home users'
networks); and especially on Linux the RPC daemons have a notorious
history of being badly implemented (though they've improved a fair bit
in recent times) proving to be a reletively easy source of weakness for
intruders to pick at.
The concept of a multi-user gnucash is definitely an interesting one.
However, if you want real security, you really ought to consider including some
public-key-encryption mechanism for both authentication and for
conducting transactions. And especially considering this is financial
software, this is a REALLY good idea anyway...
--
---------------------------------------------------
Derek Martin | Unix/Linux geek
ddm@pizzashack.org | GnuPG Key ID: 0x81CFE75D
Retrieve my public key at http://pgp.mit.edu