[Koha] Koha Security - can someone provide a description of the encryption?

James Keener jim at jimkeener.com
Thu Jul 16 00:33:34 NZST 2015


Im not a dev or even a power use, so believe them over me.

The security of patron records is on you. You need to ensure physical security. You need to set up TLS for connections. You need to encrypt the volume the database resides on. (May be overkill and you will take a performance hit, but the option is there.)

Also, your records are only as secure as your back ups are physically and with respect to encryption.

Encrypted records would be such a problem with respect to proper key management that I can see koha doing that.

I'm sure all user passwords are hashed, not encrypted, with a strong hash function, as is tech industry standard.

You're also free to peak inside the database to see how records are stored.

Jim



On July 15, 2015 8:18:25 AM EDT, "Hartman, David W. - Tech Library" <David.W.Hartman at disney.com> wrote:
>Hello!
>
>I was wondering what type of encryption is in Koha for patron records. 
>I just want to let my leadership know the data is secured.
>
>David W. Hartman
>
>_______________________________________________
>Koha mailing list  http://koha-community.org
>Koha at lists.katipo.co.nz
>https://lists.katipo.co.nz/mailman/listinfo/koha

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.


More information about the Koha mailing list