G. writes:
> An encrypted login process is not of much value if the actual
> session will be conducted in the clear once the user is authenticated,
Gavin brings up a very significant and valid point. We were planning for the
QC Display Terminal (an excel-like screen that you won't see unless you're a
QueryCalc user) to encrypt every transmission, regardless of what other logon
security is put in place.
Spreadsheets and reports intrinsically contain a great deal of company-
proprietary information in them. Indeed, they ultimately contain everything
that is of value -- and this is information should be seen only by the
intended recepient.
For this kind of application, we can generate a encryption routine that will
be essentially unbreakable, so long as we don't tell anyone what the algorithm
is. We can do this for the QC screen because we're running in a pure client-
server mode albeit in an extremely thin-client mode (which is the new jargon
for a host-terminal mode, which is where we started 30 years ago). We are
running an HP3000-based program when we're in QC -- and we can clearly design
both ends to match.
But we can't