[SLUG] Security for Open Source Application

From: Pete Theisen (petetheisen@verizon.net)
Date: Mon Apr 27 2009 - 05:06:19 EDT


Hi Everybody!

Is security especially problematic in open source? I have personally
only had one event to my website, but if the source code for a web
application is out there, it seems that an attacker has an advantage.

I am planning a Python application on the Dabo <http://dabodev.com/>
framework; both are open source. The data on a web server will be of the
type that is HIPAA-protected, so the security has to be pretty good. The
people interested in stealing the data will be insurance companies so
they will presumably have really good crackers working for them.

On advice, I was thinking of requiring WPA for wireless users (or use
hard wire) and using an SSL tunnel to the server. Also, I intend to keep
the personal contact information separate from the case data.

Anybody have any other or additional ideas? Thanks for any input.

-- 
Regards,

Pete http://pete-theisen.com/ http://elect-pete-theisen.com/


