On Friday, 23.10.2009 at 20:12 +0200, Hartmut Goebel wrote:
> Tobias Paepke wrote:
>
> > I agree with Hartmut to force the encryption of the client-server
> > connection. These users should not have the option to decide to run
> > tryton unencrypted.
> You misunderstood me here: I'm not talking about enforcing SSL. I say:
> *if* SSL is enabled on the server side, the user must not have a choice
> and the client must verify the server certificate.

But here the problem is that the client user can choose the connection. So the intruder sends him a mail that the client needs a new connection to the server for some administrative reason... after this the client user is ripped off.

For this we need a client option that restricts the manual entry of the connection parameters (server, port). With this, only the parameters from the client.conf are allowed (server, port, certificate, authority), which is hopefully read-only for the client system user.

-- 
virtual things
Preisler & Spallek GbR
Munich - Aix-la-Chapelle

Windeckstr. 77
81375 Munich - Germany
Tel: +49 (89) 710 481 55
Fax: +49 (89) 710 481 56

[email protected]
http://www.virtual-things.biz
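
One way to implement the restriction discussed in this thread, added here as an example and not taken from the Tryton code base or from any poster. The option name `restrict_connection`, the config layout, the host name and the CA path are assumptions made for illustration.

```python
import configparser
import socket
import ssl

# Constructed sample client.conf. The section and option names, including
# "restrict_connection", and all values are assumptions for this example.
SAMPLE_CONF = """
[client]
server = erp.example.internal
port = 8070
authority = /path/to/ca.pem
restrict_connection = True
"""

class ManualEntryRefused(Exception):
    """Raised when the user supplies parameters the locked config forbids."""

def load_policy(text):
    parser = configparser.ConfigParser()
    parser.read_string(text)
    c = parser["client"]
    return {"server": c["server"], "port": c.getint("port"),
            "authority": c["authority"],
            "restrict": c.getboolean("restrict_connection", fallback=False)}

def resolve_endpoint(policy, server=None, port=None):
    """Return the (server, port) to use; user input cannot override a locked config."""
    pinned = (policy["server"], policy["port"])
    wanted = (server or pinned[0], port or pinned[1])
    if not policy["restrict"]:
        return wanted
    if (wanted[0].lower(), wanted[1]) != (pinned[0].lower(), pinned[1]):
        raise ManualEntryRefused("only %s:%d is allowed" % pinned)
    return pinned

def tls_context(policy):
    """Verification is not optional: trust only the configured authority."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # CERT_REQUIRED, check_hostname=True
    ctx.load_verify_locations(cafile=policy["authority"])
    return ctx

def connect(policy, server=None, port=None):
    host, port = resolve_endpoint(policy, server, port)
    ctx = tls_context(policy)  # fails closed if the authority file is missing
    raw = socket.create_connection((host, port), timeout=10)
    return ctx.wrap_socket(raw, server_hostname=host)  # handshake checks chain and name
```

The lock only holds if the user running the client cannot write to the config file or its directory, which is the read-only condition the message above relies on.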
