On Fri, Nov 05, 2004 at 06:39:58PM -0600, Baljkas Family said:
Friday, November 5, 2004 18:14 CST
Greetings all,
Owen's question reminded me of some issues I had been meaning to ask about for a while now.
First off, the whole issue of data security in the Koha ILS.
I don't think this question has been raised before -- and I apologise in advance if it has been, or if asking it this way is simply hopelessly naive/ignorant: but how safe against hacking, e.g. would Koha be? Or is this more a matter of systems admin level securities behind which Koha would be shielded? (G*d, I hope so.)
I can take a crack at this part, I'll leave all the legal stuff to someone else :)

The security we have on Koha is that the librarian interface is behind password authentication, but you can disable this. What HLT does, and other libraries we have worked with do, is not make the librarian interface available to the world. This can be done by restricting access to only certain IPs, or only available on a LAN.

These are of course system administrator tasks, and the sysadmin can do a lot more, such as securing the box serving Koha as much as possible. You could use MySQL replication and have a separate box serving the OPAC with a read-only database, such that the only interface available to the public has no write access. Again, more sysadmin tasks.

What we as developers try to do is to make sure that we don't write CGIs that are vulnerable to attack, and we depend on the writers of such things as Apache, MySQL and Linux to keep their products as secure as they can. Then we depend on the system admins of the Koha installations to do their part.

Basically it boils down to the sysadmin; they can make the data stored in Koha as secure or as insecure as they like.

Chris

--
Chris Cormack Programmer
027 4500 789 Katipo Communications Ltd
chris@katipo.co.nz www.katipo.co.nz
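
The IP restriction described in the reply above, sketched as an added example that is not part of the original message or of Koha's own configuration. It assumes Apache httpd 2.4; every hostname, address and path in it is a constructed placeholder.

```apache
# Added illustration for Apache httpd 2.4. All hostnames, addresses and
# paths are constructed placeholders, not values from a Koha install.

# Staff (librarian) interface: bind to the server's LAN address only, so
# this vhost is never offered on the public interface.
Listen 192.168.1.10:8080
<VirtualHost 192.168.1.10:8080>
    ServerName staff.library.example
    DocumentRoot "/path/to/koha/intranet/htdocs"

    <Directory "/path/to/koha/intranet">
        # Weak setting: any client that can reach the port is served.
        # Require all granted

        # Corrected setting: only library workstations on the LAN are
        # served; everyone else gets 403 before any CGI runs. Koha's own
        # password authentication still applies on top of this.
        Require ip 192.168.1.0/24
    </Directory>
</VirtualHost>

# Public catalogue (OPAC): open to everyone. This is the vhost that would
# sit on the separate box with the read-only replica mentioned above.
# (Assumes "Listen 80" is already present in the main server config.)
<VirtualHost *:80>
    ServerName catalogue.library.example
    DocumentRoot "/path/to/koha/opac/htdocs"

    <Directory "/path/to/koha/opac">
        Require all granted
    </Directory>
</VirtualHost>
```

After a reload, a request to the staff vhost from an address outside the allowed range should show up in the access log with status 403, which is a quick way to confirm the restriction is in effect.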