in reply to CGI Password/Login and Security

< security rant >
There has already been a lot of good advice on this so I'm going a bit OT here to suggest that you make sure your client (employer?) knows the risks of going without a secure server. Why is it that many (most?) companies think security is a frill? Even if they don't care a whit about their patients' privacy, have they done a financial risk assessment to check the costs of security measures against possible legal action? Are they certain that their insurer will cover them for something like this? Will they come after you if something goes wrong? If so, then give them your warnings on paper and try to get them to sign off on it if you can.

Some may also find the new law in Canada of interest. I have very little idea what the U.S. is doing in this area (and from what I read in the Risks Digest it seems not much) but sooner or later people will demand privacy and dealing with it now is better IMHO.

--
I'd like to be able to assign to an luser

Re: Re: CGI Password/Login and Security
by $CBAS (Scribe) on Jan 12, 2001 at 04:00 UTC

    Well, if the doctors can choose between spending the money on my privacy or my health then I say HEAL ME!

    But since most doctors earn a whole lot of money, I don't think it's too much to ask for a decent frickin' server (some hosting companies even offer you their SSL certificate with virtual server accounts!)

    Speaking of SSL, anyone know the best way to set up an encrypted connection? (for a P2P file transfer)

    -CBAS