[Koha] Questions on data security, liability and RFP issues
Gerry Arthus
garthus at lilrc.org
Tue Nov 9 02:25:56 NZDT 2004
MJ Ray,
Security is only ask good as the best backup. That is a backup off
machine and preferably off-site.All systems can be compromised in one
way or another. Worry more about whether your dbase is backed and less
about hackers. Those libraries who retain vendors (at often extortionary
prices) do not worry about such things , since the vendor does it all,
(including owning their database). The price for freedom from
extortionary vendor tactics is the responsibility of securing one's
records, it is not a resource intensive process..
Gerry :)
Gerry Arthus
Systems Administrator:
Long Island Library Resources Council
SUNY at Stony Brook
Stony Brook, New York
US 11794-3399
Phone: 1-631-632-6652
FAX: 631-632-6662
Home: 631-289-7565
Email: garthus at lilrc.org
Professor:
Departments of:
Graduate Computer Engineering, Earth and Environmental Science, and
Engineering Management
C.W. Post Campus of Long Island University
720 Northern Boulevard
Brookville, New York
US 11548-1300
Phone: 516-299-2293
wrote:
> On 2004-11-06 00:39:58 +0000 Baljkas Family <baljkas at mts.net> wrote:
>
>> I don't think this question has been raised before -- and I apologise
>> in advance if it has been, or if asking it this way is simply
>> hopelessly naive/ignorant: but how safe against hacking, e.g. would
>> Koha be? Or is this more a matter of systems admin level securities
>> behind which Koha would be shielded? (G*d, I hope so.)
>
>
> I went through the code fixing some structural security errors during
> the 1.9 development versions. I've not tried testing koha heavily,
> simply through lack of time.
>
> In 2.0, there are some known bugs to do with the librarian access
> levels: having the circulation desk get full librarian access is
> undesirable. I hope this has been fixed during 2.1 and will be
> available to users in 2.2, but I've not checked. Maybe more
> 2.1-centred developers can tell?
>
> I think you also want to consider the security of all machines which
> use the koha librarian interface. It's mostly hopeless having
> wonderful security on the server if someone can put a password sniffer
> on a superlibrarian's computer. This may even be a larger
> vulnerability than almost all likely server problems.
>
>> [...] the PTBs in their corporate or organisational culture were
>> concerned, it was against the rules because there would be no one to
>> sue if something went wrong?
>
>
> I believe this is largely a distraction tactic. At best, you will end
> up effectively suing your supplier's insurance company. Few of the
> people who raise this question have ever suggested trying to sue
> Microsoft after a virus shuts down their office computers or overflows
> their email.
>
> Some organisations like free software because it reduces absolute
> dependence on one outside supplier, even if it will take more
> time/cost more to develop in-house or find an alternative supplier. It
> gives more options and keeping options open is usually good for business.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.katipo.co.nz/pipermail/koha/attachments/20041108/12492a25/attachment.html
More information about the Koha
mailing list