Cédric, I understand your point of view and I agree with it. A workable solution would be to integrate the technology proposed by Hartmut, configurable, but describe a best practice to get more security for the user. That would be a solution like what Microsoft has done for years: provide an open system and let the user decide to make it more secure.

On 24 Oct, 17:40, Cédric Krier <[email protected]> wrote:
> On 23/10/09 21:00 +0200, Udo Spallek wrote:
> > On Friday, 23.10.2009, 20:12 +0200, Hartmut Goebel wrote:
> > > Tobias Paepke wrote:
> > >
> > > > I agree with Hartmut to force the encryption of the client-server
> > > > connection. These users should not have the option to decide to run
> > > > Tryton unencrypted.
> > >
> > > You misunderstood me here: I'm not talking about enforcing SSL. I say:
> > > *if* SSL is enabled on the server side, the user must not have a choice
> > > and the client must verify the server certificate.
> >
> > But here the problem is that the client user can choose the connection.
> > So the intruder sends him a mail saying that the client needs a new connection
> > to the server for some administrative reason... after this the client
> > user is ripped off.
> >
> > For this we need a client option that restricts the manual entry of the
> > connection parameters (server, port). With this, only the parameters from
> > the client.conf are allowed (server, port, certificate, authority),
> > which is hopefully read-only for the client system user.
>
> Tryton is GPL software, so this gives the user the right to change it. So
> any kind of attempt to restrict the user is impossible.
>
> --
> Cédric Krier
>
> B2CK SPRL
> Rue de Rotterdam, 4
> 4000 Liège
> Belgium
> Tel: +32 472 54 46 59
> Email: [email protected]
> Jabber: [email protected]
> Website: http://www.b2ck.com/
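
The configurable policy discussed in this thread, sketched as an added example that is not part of the original messages and is not Tryton's own code: if SSL is enabled the client always verifies the server certificate, and an optional lock refuses manually entered connection parameters. The `[connection]` section, its option names, and the helper names are assumptions made for illustration.

```python
import configparser
import ssl

# Constructed sample client.conf; section and option names are assumptions.
SAMPLE_CONF = """
[connection]
server = erp.example.internal
port = 8070
ssl = true
lock_parameters = true
"""


class PolicyViolation(Exception):
    """Raised when requested parameters differ from the locked configuration."""


def load_policy(text):
    """Parse the connection policy from client.conf-style text."""
    parser = configparser.ConfigParser()
    parser.read_string(text)
    sec = parser["connection"]
    return {
        "server": sec["server"],
        "port": sec.getint("port"),
        "ssl": sec.getboolean("ssl", fallback=False),
        "lock": sec.getboolean("lock_parameters", fallback=False),
        # Optional path to the CA bundle ("authority" in the thread).
        "authority": sec.get("authority", fallback=None),
    }


def resolve_target(policy, host=None, port=None):
    """Return (host, port); reject manual entries when the policy is locked."""
    host = host or policy["server"]
    port = port or policy["port"]
    if policy["lock"] and (host, port) != (policy["server"], policy["port"]):
        raise PolicyViolation(f"{host}:{port} is not the configured server")
    return host, port


def build_tls_context(policy):
    """Return a verifying TLS context if SSL is enabled, otherwise None."""
    if not policy["ssl"]:
        return None
    # create_default_context() enables CERT_REQUIRED and hostname checking;
    # there is deliberately no code path that turns verification off.
    return ssl.create_default_context(cafile=policy["authority"])
```

As Cédric's reply points out, a user who can modify the client or its configuration can remove the lock, so it protects a user from being talked into a different server rather than constraining a user who chooses to bypass it.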
