Karsten Hilbert wrote: > On Sat, Dec 24, 2005 at 10:39:57AM +1100, Tim Churches wrote: > > >>By "non-working" I think that Jim may mean "demo" or "test" as opposed >>to "production" i.e. a database where people can store their own data, >>safely. The point is that people may mistakenly think that, having >>installed GNUmed v0.1 or booted teh CD, they are OK to strt entering >>real patient data. > > Hopefully he means that. > > >>Remember that almost no-one reads README files or >>other instructions, until it is too late. > > Do you think it'd be useful to add "banner" support to our > database ? Eg when people connect to a given database > there's a banner available in a certain table the content of > which is to be displayed by the client such that people can > be warned or notified about some things ? If that table were > empty no message would be displayed which would be the > no-hassle case for production sites ?
The potential problem is a malicious back-end mimicking a trusted back-end. Your solution doesn't help there. A PKI-based system to verify the identity of the back-end server would be one solution, but the social engineering required is complex. No-one else worries about this, and I'd suggest that GNUmed doesn't, at least not until version 1.1 - for now, your banner idea sound good. Tim C _______________________________________________ Gnumed-devel mailing list [email protected] http://lists.gnu.org/mailman/listinfo/gnumed-devel
