rpc server

Linas Vepstas linas@linas.org
Thu, 13 Sep 2001 10:25:12 -0500


On Wed, Sep 12, 2001 at 09:49:17PM -0400, Derek Martin was heard to remark:
> On Wed, Sep 12, 2001 at 04:14:54PM -0500, Linas Vepstas wrote:
> > (The idea was that rpc provides a better/more secure/more portable
> > interface than simply shipping postgres sql over the network).
> 
> While that may be true strictly speaking (or may not--I'm not all that
> familiar with SQL databases, and I'm completely unfamiliar with your
> interface), RPC is itself still not terribly secure.  

Yes.

> The protocol
> depends on IP/DNS information which is fairly easily spoofed,
> especially at poorly administered sites (like many home users'
> networks); 

Well, presumably home users don't really need the multi-user
capabilities ... 

I think the point is that a layer of abstraction is good. When
a new feature arrives, one gets it 'for free' -- e.g. XML-RPC,
or SecureRPC (??) (an effort to add ssl-like support (?)).  
I'd rather deal with generic solutions maintained at large, than
to try to reinvent the wheel inside gnucash.

> The concept of a multi-user gnucash is definitely an interesting one.
> However, if you want real security, you really ought to consider including some
> public-key-encryption mechanism for both authentication and for
> conducting transactions.  

I vaguely heard of SSL-based postgres wrappers....

> And especially considering this is financial
> software, this is a REALLY good idea anyway...

Agreed.


--linas