On Sun, Jan 27, 2008 at 10:08:31PM -0800, James Busser wrote: > Partly, I am thinking that when trying to access GNUmed from inside a > hospital, many hospitals are strict about port egress. It is possible > that they may allow only ports 80 and 443. > > Would it therefore work to configure a client (that needed to connect > from inside a hospital) to connect to a GNUmed server on port 443? Yes. One sets the port to 443 in the relevant profile in the config file.
> This > scenario would require that the server has port redirection set up, to > forward the incoming request to Postgres port 5432. (?) Yes, or else it could (should) be a third machine outside the hospital in front of the database server. To "properly" do this by conventional wisdom one would setup the PG server inside the De-Militarized Zone of the target network and have port redirection 443 -> 5432 inside a fence host at the border between outside and DMZ. > For the SSL to be supported, must Apache be used, and must it perhaps be > added to postgres as a user? Neither. PostgreSQL must be linked against OpenSSL at compile time. > By the way, does GNUmed set Postgres to use non-trust authentication > and, for passwords, do GNUmed/postgres authenticate using md5, crypt or > password (hopefully md5) :-) We can't say this often enough: GNUmed does NOT require Postgres to use any specific authentication method. In fact, it doesn't care *how* it gets in. It fully defers that decision to the PostgreSQL admin who *must chose* locally suitable values. The only assumption GNUmed makes of the server configuration is that "any role in the groups "gm-logins" and "gnumed_vX" (whatever X is at the time) can connect" and it is prepared to supply a password if need be. Karsten -- GPG key ID E4071346 @ wwwkeys.pgp.net E167 67FD A291 2BEA 73BD 4537 78B9 A9F9 E407 1346 _______________________________________________ Gnumed-devel mailing list [email protected] http://lists.gnu.org/mailman/listinfo/gnumed-devel
