[Koha] Questions on data security, liability and RFP issues

Gerry Arthus garthus at lilrc.org
Tue Nov 9 02:25:56 NZDT 2004


MJ Ray,

Security is only as good as the best backup. That is a backup off 
machine and preferably off-site. All systems can be compromised in one 
way or another. Worry more about whether your dbase is backed up and less 
about hackers. Those libraries who retain vendors (at often extortionary 
prices) do not worry about such things, since the vendor does it all 
(including owning their database). The price for freedom from 
extortionary vendor tactics is the responsibility of securing one's 
records; it is not a resource intensive process.

Gerry :)

Gerry Arthus

Systems Administrator:

Long Island Library Resources Council

SUNY at Stony Brook

Stony Brook, New York

US 11794-3399

Phone: 1-631-632-6652

FAX: 631-632-6662

Home: 631-289-7565

Email: garthus at lilrc.org

 

Professor:

Departments of:

Graduate Computer Engineering, Earth and Environmental Science, and 
Engineering Management

C.W. Post Campus of Long Island University

720 Northern Boulevard

Brookville, New York

US 11548-1300

Phone: 516-299-2293

 wrote:

> On 2004-11-06 00:39:58 +0000 Baljkas Family <baljkas at mts.net> wrote:
>
>> I don't think this question has been raised before -- and I apologise 
>> in advance if it has been, or if asking it this way is simply 
>> hopelessly naive/ignorant: but how safe against hacking, e.g. would 
>> Koha be? Or is this more a matter of systems admin level securities 
>> behind which Koha would be shielded? (G*d, I hope so.)
>
>
> I went through the code fixing some structural security errors during 
> the 1.9 development versions. I've not tried testing koha heavily, 
> simply through lack of time.
>
> In 2.0, there are some known bugs to do with the librarian access 
> levels: having the circulation desk get full librarian access is 
> undesirable. I hope this has been fixed during 2.1 and will be 
> available to users in 2.2, but I've not checked. Maybe more 
> 2.1-centred developers can tell?
>
> I think you also want to consider the security of all machines which 
> use the koha librarian interface. It's mostly hopeless having 
> wonderful security on the server if someone can put a password sniffer 
> on a superlibrarian's computer. This may even be a larger 
> vulnerability than almost all likely server problems.
>
>> [...] the PTBs in their corporate or organisational culture were 
>> concerned, it was against the rules because there would be no one to 
>> sue if something went wrong?
>
>
> I believe this is largely a distraction tactic. At best, you will end 
> up effectively suing your supplier's insurance company. Few of the 
> people who raise this question have ever suggested trying to sue 
> Microsoft after a virus shuts down their office computers or overflows 
> their email.
>
> Some organisations like free software because it reduces absolute 
> dependence on one outside supplier, even if it will take more 
> time/cost more to develop in-house or find an alternative supplier. It 
> gives more options and keeping options open is usually good for business.
>
