Todd Berman wrote: >> 3. Any other thoughts? > >Mostly, I would question the need/desire to store this data in VistA, >and access it via the RPC Broker.
These are two separate issues. If you receive the data in VistA you could store it in MUMPS globals or in the host file system. There are pros and cons either way. We have tried both with M2Web in VMACS. If you receive or send the data via a non-MUMPS process it could call into MUMPS for per file and per user authorization. >I understand the three points you made above, however it seems to me >that using some form of https (with a password) accessible webserver >makes this far more manageable from the client end. Also far more >scalable. I agree. With M2Web, the web server could use VistA based user authorization. >Tasking vista to transfer potentially large binary files down >the RPC Broker connection seems somewhat like using a sledgehammer to >tap in a push-pin. Not to mention not nearly secure enough for use. >Great that you provide some 'security' by deciding if you will give a >user a file, but you could provide the same 'security' by deciding if >you will give a use a URL. But that security goes right out the window >the minute you transfer that file over the unencrypted RPC connection. >Of course, this is also a more general issue facing the current RPC >method, so it is not specific to this issue at all. > >It would seem that using urls + https + authentication is the better way >to go to handle this, as it does also 'solve' all 3 points brought up, >but (imo) in a better, more secure, and far more scalable fashion. > >--Todd I agree. When will your solution be released as Open Source. Has it been decided yet what parts will NOT be released. --------------------------------------- Jim Self Systems Architect, Lead Developer VMTH Computer Services, UC Davis (http://www.vmth.ucdavis.edu/us/jaself) ------------------------------------------------------- SF.Net email is Sponsored by the Better Software Conference & EXPO September 19-22, 2005 * San Francisco, CA * Development Lifecycle Practices Agile & Plan-Driven Development * Managing Projects & Teams * Testing & QA Security * Process Improvement & Measurement * http://www.sqe.com/bsce5sf _______________________________________________ Hardhats-members mailing list Hardhats-members@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/hardhats-members
