RE: [SLUG] Security for Open Source Application

From: Ken Elliott (kelliott11@cfl.rr.com)
Date: Tue Apr 28 2009 - 11:46:11 EDT


Pete wrote:
>> The data on a web server will be of the
>> type that is HIPAA protected so the security has to be pretty good.

Then you should enlist the services of a professional. If you expose HIPAA
data, I believe your legal liability could be rather large. Once a lawyer
learns that you used a "do-it-yourself" system, he will be all over you and
make you look reckless.

Ask your insurance provider about your coverage concerning this.

Ken Elliott
=====================

-----Original Message-----
From: slug@nks.net [mailto:slug@nks.net] On Behalf Of Pete Theisen
Sent: Monday, April 27, 2009 5:06 AM
To: slug@nks.net
Subject: [SLUG] Security for Open Source Application

Hi Everybody!

Is security especially problematic in open source? I have personally
only had one event to my website, but if the source code for a web
application is out there, it seems that an attacker has an advantage.

I am planning a Python application on the Dabo <http://dabodev.com/>
framework, both are open source. The data on a web server will be of the
type that is HIPAA protected so the security has to be pretty good. The
people interested in stealing the data will be insurance companies so
they will presumably have really good crackers working for them.

On advice, I was thinking of requiring WPA for wireless users (or use
hard wire) and using an SSL tunnel to the server. Also, I intend to keep
the personal contact information separate from the case data.

Anybody have any other or additional ideas? Thanks for any input.

-- 
Regards,

Pete http://pete-theisen.com/ http://elect-pete-theisen.com/

-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked Knowledge Systems (NKS). Views and opinions expressed in messages posted are those of the author and do not necessarily reflect the official policy or position of NKS or any of its employees.

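Pete's plan to keep personal contact information separate from the case data, sketched as an added example that is not part of the thread and not Dabo code: the two halves are linked only by a random, meaningless token, so a copy of the case table alone does not say whose case it is. The field names, the sample record and the SplitStore class are assumptions for illustration.

```python
import secrets
from dataclasses import dataclass

# Fields that identify or contact the person; everything else is case data.
IDENTITY_FIELDS = ("name", "address", "phone", "email")


@dataclass(frozen=True)
class SplitRecord:
    token: str      # random link key; carries no information about the person
    identity: dict  # contact data, kept in its own store
    case: dict      # case data, usable without touching the identity store


def split_record(record: dict) -> SplitRecord:
    """Split one record into an identity half and a case half.

    The link key is a fresh random value, not a natural key such as a name or
    an account number, so the case half cannot be re-identified on its own.
    """
    token = secrets.token_hex(16)  # 128 random bits, 32 hex characters
    identity = {k: record[k] for k in IDENTITY_FIELDS if k in record}
    case = {k: v for k, v in record.items() if k not in IDENTITY_FIELDS}
    return SplitRecord(token, identity, case)


class SplitStore:
    """Two separate tables (plain dicts standing in for two databases)."""

    def __init__(self):
        self.identities = {}  # token -> contact data
        self.cases = {}       # token -> case data

    def add(self, record: dict) -> str:
        s = split_record(record)
        self.identities[s.token] = s.identity
        self.cases[s.token] = s.case
        return s.token

    def relink(self, token: str) -> dict:
        """Re-join both halves; only code with access to BOTH stores can do this."""
        return {**self.identities[token], **self.cases[token]}


# Constructed sample record (assumed field names, fictional values).
SAMPLE = {"name": "Jane Roe", "phone": "555-0100",
          "diagnosis": "example", "visit_date": "2009-04-01"}
```

In a deployment the two stores would sit in different databases or schemas with different credentials, so a compromise of the case store does not expose contact data.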



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 19:46:39 EDT