Koha Security - can someone provide a description of the encryption?
Hello!
I was wondering what type of encryption is in Koha for patron records. I just want to let my leadership know the data is secured.
David W. Hartman
Hi David,

Hartman, David W. - Tech Library wrote on 15.07.2015:
I was wondering what type of encryption is in Koha for patron records. I just want to let my leadership know the data is secured.
the passwords are hashed using bcrypt, if that is what you mean.

HTH,
Mirko

--
Mirko Tietgen
mirko@abunchofthings.net
http://koha.abunchofthings.net
http://meinkoha.de
I'm not a dev or even a power user, so believe them over me. The security of patron records is on you. You need to ensure physical security. You need to set up TLS for connections. You need to encrypt the volume the database resides on. (May be overkill and you will take a performance hit, but the option is there.) Also, your records are only as secure as your backups are physically and with respect to encryption. Encrypted records would be such a problem with respect to proper key management that I can see Koha doing that. I'm sure all user passwords are hashed, not encrypted, with a strong hash function, as is tech industry standard. You're also free to peek inside the database to see how records are stored.

Jim

On July 15, 2015 8:18:25 AM EDT, "Hartman, David W. - Tech Library" <David.W.Hartman@disney.com> wrote:
Hello!
I was wondering what type of encryption is in Koha for patron records. I just want to let my leadership know the data is secured.
David W. Hartman
_______________________________________________ Koha mailing list http://koha-community.org Koha@lists.katipo.co.nz https://lists.katipo.co.nz/mailman/listinfo/koha
-- Sent from my Android device with K-9 Mail. Please excuse my brevity.
Thank you James!

From: James Keener [mailto:jim@jimkeener.com]
Sent: Wednesday, July 15, 2015 8:34 AM
To: Hartman, David W. - Tech Library; Koha@lists.katipo.co.nz
Subject: Re: [Koha] Koha Security - can someone provide a description of the encryption?
See https://lists.katipo.co.nz/pipermail/koha/2014-February/038653.html

On Wed, Jul 15, 2015 at 8:18 AM, Hartman, David W. - Tech Library <David.W.Hartman@disney.com> wrote:
Hello!
I was wondering what type of encryption is in Koha for patron records. I just want to let my leadership know the data is secured.
David W. Hartman
participants (4)
- Barton Chittenden
- Hartman, David W. - Tech Library
- James Keener
- Mirko Tietgen