Hi!
Communication between client/server is currently not encrypted. Neither data transfer nor data related to authentication. In scenarios where you are “talking†to local server instance (client and server running on the same machine) on a single user system, this should not be a big issue. However, if you do care about security of data, especially when you are communicating with remote servers, there are ways (workarounds) to make things more secure. In Palo 1.0 you would have to do this transparently from Palo (for example by using secure VPN tunnel between client and server), or if you are fit enough you could do some tweaking on server and libpalo side to support some secure communication protocol (don’t forget Palo is Open Source – anybody can download latest source code and start making it better).
Palo is MOLAP: among other things this also means it keeps al of its data in memory. Keeping it only in memory would do us no good. Either we would have to keep our machine running all the time or we would have to re-create and re-import all the data every time we start our computer. To avoid this, Palo does all the work for you – it writes log data which helps it re-create the state in which it was before server stopped/crashed/janitor pulled the plug out. Palo does this job pretty good but there is always place for improvement.
We are working hard on our next version (Palo 1.5) which will address or at least make it far easier to solve most of the issues described above. Stay tuned!
