[Koha] Koha Security - can someone provide a description of the encryption?
Hartman, David W. - Tech Library
David.W.Hartman at disney.com
Thu Jul 16 00:35:51 NZST 2015
Thank you James!
From: James Keener [mailto:jim at jimkeener.com]
Sent: Wednesday, July 15, 2015 8:34 AM
To: Hartman, David W. - Tech Library; Koha at lists.katipo.co.nz
Subject: Re: [Koha] Koha Security - can someone provide a description of the encryption?
Im not a dev or even a power use, so believe them over me.
The security of patron records is on you. You need to ensure physical security. You need to set up TLS for connections. You need to encrypt the volume the database resides on. (May be overkill and you will take a performance hit, but the option is there.)
Also, your records are only as secure as your back ups are physically and with respect to encryption.
Encrypted records would be such a problem with respect to proper key management that I can see koha doing that.
I'm sure all user passwords are hashed, not encrypted, with a strong hash function, as is tech industry standard.
You're also free to peak inside the database to see how records are stored.
Jim
On July 15, 2015 8:18:25 AM EDT, "Hartman, David W. - Tech Library" <David.W.Hartman at disney.com<mailto:David.W.Hartman at disney.com>> wrote:
Hello!
I was wondering what type of encryption is in Koha for patron records. I just want to let my leadership know the data is secured.
David W. Hartman
________________________________
Koha mailing list http://koha-community.org
Koha at lists.katipo.co.nz<mailto:Koha at lists.katipo.co.nz>
https://lists.katipo.co.nz/mailman/listinfo/koha
--
Sent from my Android device with K-9 Mail. Please excuse my brevity.
More information about the Koha
mailing list