Difference between revisions of "Securing OpenEMR"

From OpenEMR Project Wiki
Line 4: Line 4:


==OpenEMR==
==OpenEMR==
:After installation/upgrade consider removing(or not allowing access) to the following scripts, which are not needed for general OpenEMR use:
:*library/sqlconf.php
:*acl_setup.php
:*acl_upgrade.php
:*sl_convert.php
:*setup.php
:*sql_upgrade.php
:*gacl/setup.php
:*ippf_upgrade.php
:*admin.php
:*entire contrib directory
:After a patch consider removing(or not allowing access) to the following scripts, which is not needed for general OpenEMR use:
:*sql_patch.php


==Network==
==Network==

Revision as of 20:22, 22 October 2011

Securing OpenEMR

Overview

With the advent of the Patient Portals, the community is now addressing the issues of how to best secure OpenEMR instances that are open to the web. Doing this requires a firm understanding of securing several parts, which at least include OpenEMR itself, Apache, MySQL, firewall, router, https, certficates, etc. A forum that began to discuss this issue can be found here. Note this document is just a work in progress; hopefully as members of the community began securing their OpenEMR instances for the web, they will place things they learned here in order to help others.

OpenEMR

After installation/upgrade consider removing(or not allowing access) to the following scripts, which are not needed for general OpenEMR use:
  • library/sqlconf.php
  • acl_setup.php
  • acl_upgrade.php
  • sl_convert.php
  • setup.php
  • sql_upgrade.php
  • gacl/setup.php
  • ippf_upgrade.php
  • admin.php
  • entire contrib directory
After a patch consider removing(or not allowing access) to the following scripts, which is not needed for general OpenEMR use:
  • sql_patch.php

Network

Apache

MySQL