From: Fleet T. <fl...@pa...> - 2001-01-24 23:36:05
Martin, thank you very much for the advice. The security issue is my top priority. I'm a one-person company; as is my bookkeeper. SQL-Ledger solves the issue of me using Linux and him still being under the influence of "The Evil One." :)

- fleet -

At 05:20 1/23/01 +0200, you wrote:
>Fleet Teachout wrote:
>>
>> Has anyone here set up SQL-Ledger on a Cobalt RAQ2 server for remote
>> access? If so, any problems, lessons learned, issues, etc.?
>
>not RAQ specific, but here are few ideas for a remote server in general:
>
>- SSL is a must for data confidentiality
>- no (untrusted) users on server with any form of web scripting ability
>(cgi/perl/php/etc..)
>- strongly consider using apache suexec feature and creating separate
>account for sql-ledger
>
>i think it would be a good idea to rewrite whole sql-ledger
>authentication system before putting it into a public server, but for
>starters even using crypt() instead of plaintext would be a good start..
>plaintext is barely suitable for a system on small trusted network
>behind firewall but a definite no-no for server with direct Internet
>connection.
>
>--
>Martin Lillepuu | E-mail: mar...@ma... | GSM: 051 56 450
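The crypt()-instead-of-plaintext step suggested in the quoted reply, as an added example that is not part of either message and is not SQL-Ledger's own code. The record layout, the sample passwords and the helper names `new_salt`, `hash_password` and `check_password` are hypothetical; it assumes a Linux system whose crypt(3) supports the `$6$` (SHA-512) format.

```perl
#!/usr/bin/perl
# Added example, not SQL-Ledger code: the record layout and the helper names
# below are hypothetical and only illustrate plaintext vs. crypt() storage.
use strict;
use warnings;

# Constructed sample records as a plaintext-password setup would hold them.
my %users = (
    fleet      => { password => 'constructed-pass-1' },
    bookkeeper => { password => 'constructed-pass-2' },
);

# Random salt from /dev/urandom. "$6$" asks glibc crypt(3) for SHA-512;
# classic DES crypt (two-character salt) only uses the first 8 characters.
sub new_salt {
    my @set = ('a'..'z', 'A'..'Z', '0'..'9', '.', '/');
    open(my $fh, '<:raw', '/dev/urandom') or die "urandom: $!";
    read($fh, my $raw, 16) == 16 or die "short read from urandom";
    close($fh);
    return '$6$' . join('', map { $set[ord($_) % @set] } split(//, $raw)) . '$';
}

sub hash_password {
    my ($plain) = @_;
    my $hash = crypt($plain, new_salt());
    die "crypt() does not support this salt format here\n"
        unless defined $hash && $hash =~ /^\$6\$/;
    return $hash;
}

# Re-hash the candidate with the stored hash as the salt argument and compare.
sub check_password {
    my ($candidate, $stored) = @_;
    my $got = crypt($candidate, $stored);
    return defined $got && $got eq $stored;
}

# One-time migration: replace each plaintext value with its hash.
for my $u (values %users) {
    $u->{password} = hash_password($u->{password});
}

print "fleet ok\n"       if check_password('constructed-pass-1', $users{fleet}{password});
print "wrong rejected\n" unless check_password('guess', $users{fleet}{password});
```

After the migration loop the stored values no longer reveal the passwords to anyone who can read the file, which is the exposure the reply warns about for a server with other local users or a direct Internet connection.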