--- MJ Ray markj@cloaked.freeserve.co.uk wrote:
brodders@cwcom.net writes:
This is a repost as the original didn't seem to turn up - or if it did, no - one commented!
Not that it didn't appear, just that I don't have enough time.
Time, time time, why is it we never have enough of it?
I don't like this - would you do it? - so I've been kicking around
the
idea of allowing casual person-person item passing. These need to
be
verified transactions on the database otherwise fraud is simple.
The
protocol I suggest below is - good enough?? Comments appreciated.
Peer to peer! Trendy. I can't see any obvious problems with the ticketing system, though.
Peer-to-peer, its a good idea, it takes the itelligence from the core and decentralises it giving a more resilient system, generally. However, we need a method of tracking items as our membership is always fluctuating, we need some sort of control to the chaos, although limited.
I want to encrypt the lot; ideally the entire database. And the transactions from server to client must be secure too otherwise
login
accounts get compromised.
Perhaps we can just find somewhere to run the web site over https connections and use the mailing list passwords? Or somehow else store details for it. Perhaps using encrypted email or something.
Just out of interest people, we need to keep a level or proportion here[1], what level of security is really needed? We are analysing a system here and we need to maintain an implementation specific view of things until we get into the design stage. As I can see things, we skipped the feasibilty stage and also the analysis and Design stages, and thus we have arrived at the implementation phase with some major lack of designs.
When College finishes (4pm tomorrow afternoon) I will do the first 3 phases of the life cycle and produce a system specification for implementation. Can we get anything on the alug.org.uk hosts in the way of either mysql or postgres?
Is there a security guru in the house?
More importantly are there any licensed security guru's. But judging by the people who have offered to give security presentations at the next meet I would say the answer to your question is yes.
Thanks
D
[1] Please no coments regarding total perspective vortexes!
-- MJR
alug, the Anglian Linux User Group list Send list replies to alug@stu.uea.ac.uk http://www.anglian.lug.org.uk/ http://rabbit.stu.uea.ac.uk/cgi-bin/listinfo/alug See the website for instructions on digest or unsub!
__________________________________________________ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/