On Fri, Jul 22, 2011 at 12:09 PM, John Griessen <[email protected]> wrote:
> I'm a gnucash user interested in the possibility of separating duties
> and also using my installation over the net from a couple of locations.
> I also am interested in your report templates and using
> keyboard-wedge-USB input devices.
>
> Will the security be tight enough to run ledgerSMB on a server
> connected to the internet?

If you require SSL. 1.3 security is pretty good but because of authentication decisions you need to enable SSL if you are running over a network. Also I would recommend in 1.3 setting password expirations to a sane number if running over the internet.

1.2 has some substantial design omissions in the security structure which are documented in the manual. 1.3 does away with these.

> I would have to use it with web browser SSL always in that case -- is
> that supported now, or planned to? What other security suggestions
> do you have for such an installation?

SSL is currently supported. The second question has to do with supporting appropriate types of PostgreSQL authentication methods. Do you have a need to authenticate against some form of single sign on server? If so, we can support LDAP and PAM as methods of authentication right now, and Kerberos could be supported without a whole lot of work.

The thing you have to think about regarding security for an accounting system is the fact that an internet attack can mess up your data in ways that can be painful, but an insider attack is far more dangerous because it can be used to cover for theft, pointing evidence at other people and the like. Therefore you need to carefully think about what sorts of permissions you want to give people and take the separation of duties side seriously.

Best Wishes,
Chris Travers
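The reply above ties together SSL and the PostgreSQL authentication methods (LDAP, PAM). The following check is an added example, not part of the original message and not LedgerSMB code: it assumes the PostgreSQL server accepts network connections configured through `pg_hba.conf`, and it flags records where a method that sends the password itself (`password`, `ldap`, `pam`) is allowed without SSL, or where `trust` is open to the network. The sample file and the host `ldap.example.com` are constructed.

```python
import ipaddress

# Methods where the client sends the password itself to the server.
CLEARTEXT_METHODS = {"password", "ldap", "pam"}

# Constructed sample pg_hba.conf (not taken from any real installation).
SAMPLE = """\
# TYPE  DATABASE  USER  ADDRESS        METHOD
local   all       all                  peer
host    all       all   127.0.0.1/32   md5
host    all       all   0.0.0.0/0      ldap ldapserver=ldap.example.com ldapprefix="uid="
hostssl all       all   0.0.0.0/0      pam
host    all       all   10.0.0.0 255.0.0.0 trust
"""

def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False

def _is_loopback(address):
    try:
        return ipaddress.ip_network(address, strict=False).is_loopback
    except ValueError:
        return False  # hostnames, "all", "samenet": treat as remote

def audit_pg_hba(text):
    """Return (line_number, reason) for risky network records."""
    findings = []
    for number, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()  # quoted names with spaces not handled
        if len(fields) < 5 or fields[0] == "local":
            continue  # blank, comment-only, or Unix-socket record
        conn_type, address, rest = fields[0], fields[3], fields[4:]
        if len(rest) > 1 and _is_ip(rest[0]):  # "address mask method" form
            address, rest = address + "/" + rest[0], rest[1:]
        method = rest[0]
        if _is_loopback(address):
            continue
        if method == "trust":
            findings.append((number, "trust: network clients are not authenticated"))
        elif method in CLEARTEXT_METHODS and conn_type in ("host", "hostnossl"):
            findings.append((number, method + ": password may cross the network unencrypted; use hostssl"))
    return findings

if __name__ == "__main__":
    for line_number, reason in audit_pg_hba(SAMPLE):
        print(line_number, reason)
```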
