Questions to be discussed
- Security on front end
- No reason to hide .js files as we are open source (should we sign them?)
- However, might be useful to add certificates/signing to make sure javascript file that is being run is *our* file, not some other weird version
- Login
- OAuth, SSL
- OpenMRS currently only has Basic Authentication
- State based security on back end
- Database Encryption
- Logging
- Put in a log file or in database? need to be able to search + audit, but don't want it to slow down our system