On 2004-11-06 00:39:58 +0000 Baljkas Family <baljkas@mts.net> wrote:
I don't think this question has been raised before -- and I apologise in advance if it has been, or if asking it this way is simply hopelessly naive/ignorant: but how safe against hacking, e.g. would Koha be? Or is this more a matter of systems admin level securities behind which Koha would be shielded? (G*d, I hope so.)
I went through the code fixing some structural security errors during the 1.9 development versions. I've not tried testing koha heavily, simply through lack of time. In 2.0, there are some known bugs to do with the librarian access levels: having the circulation desk get full librarian access is undesirable. I hope this has been fixed during 2.1 and will be available to users in 2.2, but I've not checked. Maybe more 2.1-centred developers can tell? I think you also want to consider the security of all machines which use the koha librarian interface. It's mostly hopeless having wonderful security on the server if someone can put a password sniffer on a superlibrarian's computer. This may even be a larger vulnerability than almost all likely server problems.
[...] the PTBs in their corporate or organisational culture were concerned, it was against the rules because there would be no one to sue if something went wrong?
I believe this is largely a distraction tactic. At best, you will end up effectively suing your supplier's insurance company. Few of the people who raise this question have ever suggested trying to sue Microsoft after a virus shuts down their office computers or overflows their email. Some organisations like free software because it reduces absolute dependence on one outside supplier, even if it will take more time/cost more to develop in-house or find an alternative supplier. It gives more options and keeping options open is usually good for business. -- MJR/slef My Opinion Only and not of any group I know Creative copyleft computing - http://www.ttllp.co.uk/ Unsolicited attachments to the pipex address deleted Will HLF fund tree-killings? http://www.thewalks.co.uk/