[OPEN-ILS-DEV] a question of security

Erik Lewis elewis at ngrl.org
Mon Dec 14 19:08:18 EST 2009


General comment

Security cannot impede service nor detract from your primary mission.
If security concerns create an unsupportable configuration they become
an impediment.  Security 101 does dictate separation of roles and
interfaces but an app server database server configuration can be just
as secure/insecure as both on the same host.

You owe your patrons data security but you also owe them the basic
business of being a good library.

On Dec 14, 2009, at 6:23 PM, "John DeRosa" <technology at aptalaska.net>  
wrote:

> Hello Evergreen community,
>
>
>
> This is my first email to the community. I have been employed as the
> technology coordinator in the Haines Borough Public Library in
> Haines, Alaska, for the past 5 months. I am new to the Evergreen
> system.
>
>
>
> Evergreen was picked as a solution for our library earlier this year
> before my tenure. We have a small, isolated community of about 2000
> people with a healthy percentage involved in the library. I am aware
> that Evergreen has some very large installations.
>
>
>
> During the planning and negotiations stage and before my time here,
> security concerns were brought up. Network and security folks with
> more experience than me in that area stated that “network 101
> security” says that your database should be in a more secure location
> than the webserver. There was great concern expressed that private
> patron information could be hacked if someone gained access to the
> webserver.
>
>
>
> Working with ESI, our installation of Evergreen was broken up
> between two servers with the database and some other services on a
> server behind a firewall and the webserver on the front-end server.
> The system is up and running.
>
>
>
> This solution is less than perfect. Maintenance has become a
> headache as stopping and restarting the servers is time consuming
> and not error-proof for a neophyte like me. I have also expressed
> security concerns with the technology that allows these servers to
> communicate. Having Evergreen split between these two servers has
> added a level of complexity that makes my job more difficult.
>
>
>
> So, finally, here are my questions. What are you guys doing out
> there? Have you seen this as a problem? Have you had security concerns
> with the Evergreen system running on one server? Has anyone done what
> we’ve done here? Have you seen security breaches with the standard
> Evergreen installation? Any other information you could send me would
> be greatly appreciated.
>
>
>
> Thanks,
>
>
>
> John DeRosa
>
> Haines Borough Public Library
>
> 907-766-3830 ext 3
>
> technology at aptalaska.net
>
>