2012-09-13 Security Meeting


Questions to be discussed

  1. Security on front end

    1. No reason to hide .js files as we are open source (should we sign them?)
    2. Cosmetic (UI-level) restrictions are still useful, but they cannot enforce anything on their own, since the client code is open
    3. However, it might be useful to sign the JavaScript files (certificates/signatures) so that the client can check that the file it is running is *our* file and not a modified version
      1. Downside: performance (an extra verification step on each load)
    4. Example: a user queries all patients and scrolls through the entire list in the front end
      1. Should we log this?
  2. Login
    1. Options: OAuth, SSL/TLS
    2. OpenMRS currently only has Basic Authentication, which sends the password with every request
    3. Use SSL/TLS to prevent man-in-the-middle interception of credentials and patient data; Basic Authentication is only acceptable over an encrypted connection
  3. State based security on back end

    1. Many EMRs have only coarse permissions: Doctor X can either see all patients or no patients
      1. We already have this
    2. Prefer to have granular permissions: Doctor X can see Patients A, B, C; Doctor Y can see Patients B, D, E
    3. Where to put the permissions?
      1. Michael recommended customizing OpenMRS to hold them
        1. Would make upgrading OpenMRS more difficult
    4. Eventually we may want to write our own entirely new system
      1. Should start a design document for our own system
      2. Downside: moving JSS off OpenMRS will become more difficult later

  4. Database Encryption
    1. Would want to encrypt only sensitive data
      1. Separating sensitive from non-sensitive data is error-prone (almost never works cleanly)
      2. Any medical information is sensitive in an Indian village
      3. Keep identifying patient data and general medical reference information (heartburn, aspirin, etc.) in separate tables, so that only the patient tables need encryption
  5. Logging
    1. Put it in a log file or in a separate database? Need to be able to search and audit, but don't want it to slow down the system
      1. Whichever is faster
      2. Probably a log file with a large write buffer (caveat: entries still in the buffer are lost if the process dies before flushing, so flush on a short timer, not only when the buffer is full)
    2. Is it sufficient to log only REST calls?
      1. Eventually want to log front-end activity as well (which module is being used)
      2. Analytics to see how users move through the system
  6. Types of breaches:
    1. Downloading all patient data and selling it
    2. A curious nurse/doctor looking up patient data they have no clinical reason to see
  7. What to cache on the local device
    1. Make sure patient data (including browser cache and local storage) is cleared at the end of a session
  8. Start a vision document comparing our approach with other EMRs