|
| From: | C K Wu |
| Subject: | Re: [Phpgroupware-users] Re: Security provisions of CK-ERP |
| Date: | Fri, 21 Jan 2005 16:45:04 +0800 |
| User-agent: | Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3) Gecko/20041020 |
Hi, Dave,I thought you are fully occupied with giving Noah his first programming lesson :) .
Dave Hall wrote:
Well, most auditor will insist that no user should be trusted beyond the absolute bare minimum :( . Because the system now includes some rather sensitive staff and financial information being made available online, security does become a basic system requirement. Actually, I would imagine, in some juridiction, legal requirement in terms of data privacy protection may come into play.On Fri, 2005-01-21 at 12:48 +0800, C K Wu wrote:Hello, folks,I noticed the Jan 14 irclog of #phpgroupware carried a query on the security of CK-ERP.<snip />However, internet is inherently a hostile place. If, CK-ERP, as a web application, is placed on the web for access by users anytime, anyplace, then, VPN or some encrypted tunnelling access is advised.HTTPS should be adequate for encryption, even for LAN access it is advisable, to you trust all of your users? Access to the server is a separate issue :)
Cheers, CK
Cheers Dave
| [Prev in Thread] | Current Thread | [Next in Thread] |