[Gnumed-devel] Hosting an encrypted pythonic simplehttp GNUmed server

[Jim Busser]

On 2010-07-30, at 1:42 PM, Sebastian Hilbert wrote:

>>> The pyjamas web app use the exact same security the wxpython
>>> app does. the only difference is that it transports the information via
>>> the http protocol.

Some thoughts…

- users who would connect would be using a standard browser

- we may agree that authentication plus transfer of patient information ought 
to be over an encrypted connection

- simplehttp provides only http

- how to provide the encryption... do it inside apache?
        http://blog.elzapp.com/docs/apache-proxy
        is there any better alternative?

- the connecting user should point to
        https://<IP or domain name of gnumed server"
        if IP, user would need to ignore the SSL certificate (hostname mismatch)
        if domain name
                - needs to be registered
                - needs an SSL certificate
                - if self-signed, user needs a way to know to trust it, and add 
to browser

- does server (simplehttp) inside apache need to be listening to port 443?

- or can apache redirect port 443 traffic to simplehttp

- or does some other layer (or device) do this?


Also BTW begs a question about the wxPython GNUmed client connecting across the 
internet...
        --> what provides its encryption, or --- if it is unencrypted --- what 
would be the recommendation?

on the wiki, there is
        
http://wiki.gnumed.de/bin/view/Gnumed/DebianKerberosLDAPBindGnumedWalkthrough

... but would kerberos be usual and standard for this scenario?


-- Jim