MJ Ray, Security is only ask good as the best backup. That is a backup off machine and preferably off-site.All systems can be compromised in one way or another. Worry more about whether your dbase is backed and less about hackers. Those libraries who retain vendors (at often extortionary prices) do not worry about such things , since the vendor does it all, (including owning their database). The price for freedom from extortionary vendor tactics is the responsibility of securing one's records, it is not a resource intensive process.. Gerry :) Gerry Arthus Systems Administrator: Long Island Library Resources Council SUNY at Stony Brook Stony Brook, New York US 11794-3399 Phone: 1-631-632-6652 FAX: 631-632-6662 Home: 631-289-7565 Email: garthus@lilrc.org Professor: Departments of: Graduate Computer Engineering, Earth and Environmental Science, and Engineering Management C.W. Post Campus of Long Island University 720 Northern Boulevard Brookville, New York US 11548-1300 Phone: 516-299-2293 wrote:
On 2004-11-06 00:39:58 +0000 Baljkas Family <baljkas@mts.net> wrote:
I don't think this question has been raised before -- and I apologise in advance if it has been, or if asking it this way is simply hopelessly naive/ignorant: but how safe against hacking, e.g. would Koha be? Or is this more a matter of systems admin level securities behind which Koha would be shielded? (G*d, I hope so.)
I went through the code fixing some structural security errors during the 1.9 development versions. I've not tried testing koha heavily, simply through lack of time.
In 2.0, there are some known bugs to do with the librarian access levels: having the circulation desk get full librarian access is undesirable. I hope this has been fixed during 2.1 and will be available to users in 2.2, but I've not checked. Maybe more 2.1-centred developers can tell?
I think you also want to consider the security of all machines which use the koha librarian interface. It's mostly hopeless having wonderful security on the server if someone can put a password sniffer on a superlibrarian's computer. This may even be a larger vulnerability than almost all likely server problems.
[...] the PTBs in their corporate or organisational culture were concerned, it was against the rules because there would be no one to sue if something went wrong?
I believe this is largely a distraction tactic. At best, you will end up effectively suing your supplier's insurance company. Few of the people who raise this question have ever suggested trying to sue Microsoft after a virus shuts down their office computers or overflows their email.
Some organisations like free software because it reduces absolute dependence on one outside supplier, even if it will take more time/cost more to develop in-house or find an alternative supplier. It gives more options and keeping options open is usually good for business.