On Tue, May 02, 2006 at 10:14:28AM +1000, Tim Churches wrote:

> > - is it built-in or easily added to GNUmed to be able to specify
> > minimum requirements for a valid password? Presumably these are stored
> > encrypted so that while an administrator could over-write a password,
> > they could not know the actual password that had been used?
>
> PG stores passwords in salted hash form (there is a config option for
> what sort of hash, I think - MD5 is default, which is fine) but it would
> be up to GNUmed to enforce rules on passwords (assuming GNUmed
> supervises password set-up and changing).

It does have user management functions so it could. However, managing users is not limited to being done through a GNUmed client. All in all the final repository of a password would have to reject it if it's too weak according to the setup - which can be achieved by having PostgreSQL use PAM and configuring PAM to check passwords.

> Yes, you really should encrypt database dumps before storing them on
> removable media, which is particularly vulnerable to loss or theft (eg
> from briefcases left in cars etc). Using a public/private key pair with
> gpg (GnuPG) works well because you don't need to store the private key
> on the server where the db dumps will be encrypted, just the public key.

Good idea.

Karsten
--
GPG key ID E4071346 @ wwwkeys.pgp.net
E167 67FD A291 2BEA 73BD 4537 78B9 A9F9 E407 1346
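
The public-key dump encryption discussed above, as an added example that is not part of the original mail: the server's keyring holds only the public key, so a stolen dump or a compromised server cannot decrypt earlier backups. The recipient address, database name and file names are placeholders.

```shell
#!/bin/sh
# Added example (not from the original thread). The recipient address,
# database name and file names below are placeholders.

# encrypt_dump RECIPIENT OUTFILE
# Reads a dump on stdin and writes it OpenPGP-encrypted to OUTFILE.
# The keyring in $GNUPGHOME needs only the recipient's public key.
encrypt_dump() (
    recipient=$1
    outfile=$2
    umask 077    # subshell body: the umask change does not leak to the caller
    # --trust-model always: the admin imported this key on purpose, so do
    # not stop on "untrusted key" in unattended (cron) runs.
    gpg --batch --yes --trust-model always \
        --recipient "$recipient" \
        --output "$outfile.tmp" --encrypt || { rm -f "$outfile.tmp"; exit 1; }
    # Rename only after gpg succeeded, so a partial file never carries
    # the final name.
    mv "$outfile.tmp" "$outfile"
)

# can_decrypt FILE
# Succeeds only when the keyring in $GNUPGHOME holds the matching private key.
can_decrypt() {
    gpg --batch --quiet --decrypt "$1" >/dev/null 2>&1
}

# Use on the database server (bash: run "set -o pipefail" first so that a
# failed pg_dump is not hidden behind a successful gpg):
#   pg_dump gnumed | encrypt_dump backup@example.org gnumed-dump.sql.gpg
```

Running `can_decrypt` on the server after a backup should fail; if it succeeds, the private key has ended up on the machine it was meant to stay away from.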
