Gerry Arthus
Systems Administrator:
Long Island Library Resources Council
SUNY at Stony Brook
Stony Brook, New York US 11794-3399
Phone: 1-631-632-6652
FAX: 631-632-6662
Home: 631-289-7565
Email: garthus@lilrc.org

Professor:
Departments of: Graduate Computer Engineering, Earth and Environmental Science, and Engineering Management
C.W. Post Campus of Long Island University
720 Northern Boulevard
Brookville, New York US 11548-1300
Phone: 516-299-2293

On 2004-11-06 00:39:58 +0000 Baljkas Family <baljkas@mts.net> wrote:
> I don't think this question has been raised before -- and I apologise in advance if it has been, or if asking it this way is simply hopelessly naive/ignorant: but how safe against hacking, e.g. would Koha be? Or is this more a matter of systems admin level securities behind which Koha would be shielded? (G*d, I hope so.)
I went through the code fixing some structural security errors during the 1.9 development versions. I've not tried testing Koha heavily, simply through lack of time.
In 2.0, there are some known bugs to do with the librarian access levels: having the circulation desk get full librarian access is undesirable. I hope this has been fixed during 2.1 and will be available to users in 2.2, but I've not checked. Maybe more 2.1-centred developers can tell?
I think you also want to consider the security of all machines which use the Koha librarian interface. It's mostly hopeless having wonderful security on the server if someone can put a password sniffer on a superlibrarian's computer. This may even be a larger vulnerability than almost all likely server problems.
> [...] the PTBs in their corporate or organisational culture were concerned, it was against the rules because there would be no one to sue if something went wrong?
I believe this is largely a distraction tactic. At best, you will end up effectively suing your supplier's insurance company. Few of the people who raise this question have ever suggested trying to sue Microsoft after a virus shuts down their office computers or overflows their email.
Some organisations like free software because it reduces absolute dependence on one outside supplier, even if it will take more time/cost more to develop in-house or find an alternative supplier. It gives more options and keeping options open is usually good for business.