/home/jeff/blog

I finally mustered up the spare time to move from the old system of FreeMED authentication to a pluggable system. I have only coded up two plugins for now: a “Password” plugin, which uses the old system of authentication and password checking, and a “Basic” plugin, supporting HTTP Basic Authentication. I’m also currently considering writing an LDAP plugin to allow FreeMED credentials and basic ACL information to be stored on an LDAP server, to really allow for enterprise deployments. On top of all this, I have been doing some “house cleaning” in the code so that FreeMED is more autonomous on startup.

My newest project with FreeMED has been to implement a way to securely warehouse medical data offsite. This relates to Dr Gnu’s article about disaster recovery. I have been using SSL + WebDAV with a slim C client built on neon to push gnupg-encrypted SQL dumps (both incremental and full) to the archive server, which is perhaps temporarily residing at https://archive.freemedsoftare.net/. In this way, whoever is hosting the archive cannot read the medical data without the gnupg keys held only by the provider who “owns” the medical records. HIPAA compliance, here we are …