HONGD should be accessed using the GDP network protocol
Currently applications HONGD by connecting directly to a MariaDB (or MySQL) server and running a query. This presents a huge attack surface for a relatively limited function. Ideally this would be accessed using the GDP network protocol itself. This presents some issues:
- How does a client find the name of HONGD in the first place? It can't do so by asking HONGD.
- How does HONGD determine whether the caller has appropriate permissions? For example, the creation service has the ability to add entries, but regular clients are read-only. This probably requires signed commands (see Issue #119).