I have read most of the documentation about securing OpenEMR, from disabling phpMyAdmin to restricting access to the DB. But one big problem remains: no matter what we do, the users themselves have access to the code. I recently had a bad experience finding a bug introduced by a doctor who thought it was a good idea to mess with the code. In a bigger production environment, it’s scary. Any network admin can try to change the code.
Has anyone thought of a way to package the code? Like compiling it? Any ideas or experience of doing so would be greatly appreciated.
Does doing so cause licensing problems and go against the GPL? If so, what are your suggestions?
It’s fundamental to open source that users are allowed to shoot themselves in the foot with it. If you are performing and supporting installations for them, you could generate checksums of the code to find out if they changed anything.
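The checksum idea above, as an added example that is not code from the thread or from the OpenEMR project: a small shell script that records a sha256 manifest of the web root once and later reports modified, missing and newly added code files, while ignoring per-site data that is expected to change. It assumes a Linux host with GNU coreutils; the web root and manifest paths are placeholders.

```shell
#!/bin/sh
# Added example (not from the thread or OpenEMR): checksum baseline and check
# for an OpenEMR web root, so later edits to the PHP source show up.
# Assumes GNU coreutils (sha256sum, find, sort, comm, cut). Paths are placeholders.

# Make a possibly relative manifest path absolute, since we cd into the web root.
abs_path() { case "$1" in /*) printf '%s\n' "$1" ;; *) printf '%s/%s\n' "$PWD" "$1" ;; esac; }

# Code files relative to the web root, skipping per-site data that is expected
# to change: uploaded documents and the sqlconf.php credentials file.
list_code_files() {           # $1 = web root
    ( cd "$1" && find . -type f \
        -not -path './sites/*/documents/*' -not -name 'sqlconf.php' | LC_ALL=C sort )
}

# Record one sha256 per code file. Keep the manifest off the web host (or at
# least outside the web root) so an admin cannot simply regenerate it.
build_manifest() {            # $1 = web root, $2 = manifest file
    m=$(abs_path "$2")
    ( cd "$1" && list_code_files . | xargs -d '\n' sha256sum ) > "$m"
}

# Compare the live tree with the manifest. Returns 0 when nothing changed and
# 1 when any code file was modified, removed or added; findings go to stdout.
verify_manifest() {           # $1 = web root, $2 = manifest file
    m=$(abs_path "$2"); rc=0
    # modified or missing files: sha256sum prints "<path>: FAILED"
    if ! report=$(cd "$1" && sha256sum --quiet -c "$m" 2>&1); then
        printf '%s\n' "$report"; rc=1
    fi
    # files present now but absent from the manifest (e.g. a new script dropped in)
    tmp=$(mktemp); cut -c67- "$m" | LC_ALL=C sort > "$tmp"
    added=$(list_code_files "$1" | LC_ALL=C comm -13 "$tmp" -)
    rm -f "$tmp"
    if [ -n "$added" ]; then printf '%s\n' "$added" | sed 's/^/ADDED: /'; rc=1; fi
    return $rc
}

# Typical use (placeholder paths):
#   build_manifest  /var/www/openemr /root/openemr.sha256   # once, after deployment
#   verify_manifest /var/www/openemr /root/openemr.sha256   # from cron, alert on exit 1
```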
Are you sure that a user without admin rights has access to the content of the web directory? If so, there is a major security hole in your setup.
If your concern is about availability of source PHP scripts for changes by administrators, consider a tool like phpprotect.info or schedule a cron job that could rsync a protected source directory. Looks like there are other commercial products to take more drastic measures.
However a determined semi-techie can use GOOG to locate and then download OpenEMR from sourceforge!
Thanks Rod for the response. This installation was for a couple of doctors only, but I’m having a bigger implementation in a couple of weeks. The problem is that they do know that they’re going to get into the code, and managers are asking me to make it unavailable to the system admins. I got started searching and came across encoders. Tried some of them:
1- ZZEE PHPExe: Didn’t like it. Keeps giving me errors without proper logging.
2- Bambalam : Not an encoder! All it does is convert the code into bytecodes.
3- php Protect: changes variable names only.
4- SourceGuardian: info coming up.
So I have one question for you guys who have your own versions of OpenEMR such as DrCloud or ZH or others. Surely you have had on-site installations. You may have techniques for protecting your code from alteration. Sharing would be greatly appreciated.
I have an idea that might appeal to OpenEMR devs. Brady and Rod or any others might step in if interested.
I’m a Rails dev and not experienced in php at all. There are similarities but at the end of the day, I sometimes miss the good old compiler.
SourceGuardian is one of the above I tested. Not free, but it has a trial. Tried to compile the OpenEMR project with it. Some php files pass, some not. Good logging with line indication is present. Can this tool (not sure if the compiler is good enough though) be the ultimate bug catcher for this project? I mean obviously every once in a while people find bugs in production, but I think it’s worth it to take a look. Anyone interested?
Thanks MD for the reply. As I told Rod, the problem is network admins and I have to deal with that, funny. Anyhow, have you tried any of the encoders with success? If yes, please share the name of the encoders.
Doing an rsync is a good approach. But setting up the protected source for that instance of OpenEMR is also of concern, both physically and support wise. We either have to have our own servers or keep them on the same server on users site which again is a bad idea. On the site, they have their own servers and admins can pretty much do whatever they want because of the other systems they have.
I wouldn’t worry about a techie getting the original source, because the customizations are so big in every area that they can’t just make the same system and replace the encoded code without anyone noticing. I mean they could (if they try hard), but they need to add good programmers to their team to accomplish that. Remember, all we do is make it harder for them so they say hell, it’s not worth it.
Hi,
A poor man’s technique could be to place the codebase you run from in a git repo (use gitignore on the documents folder and the like), which can also be monitored for changes (and very quickly reverted).
-brady OpenEMR
Hi Brady
That was my first thought. Actually my first thought was cloud, and all the code would remain untouched. The host server is offline. Not behind a firewall but literally offline. So much for the remote support, I know.
I guess my best bet would be encoding/compiling the code. Did you see my third post on this thread? Packaging the code into an exe to run like a native desktop program also sounds nice. All the Xampp talk or configurations are also gone, and it makes the project more user friendly to have an exe package to download. Besides the fact that in a production environment it makes more sense. Any thoughts/help?
If you want to monitor the code in offline mode, you can install GitLab locally and use that to commit your code changes and keep track of the modifications easily.
It should be possible to deny the network administrators write permissions.
If downgrading them to limited accounts in Windows or non-superuser accounts in Linux is too blunt an instrument, changing the permissions for individual folders may be more targeted.
Another thought is to have a version of one of Brady’s Demos on the main server. Most of us non-techies don’t know how to get into the Demos’ codebase. The network administrators would need LogMeIn to get in remotely. For good measure phpMyAdmin can be removed & MySql passwords are not disclosed.
If either can be accomplished, prophylaxis may be preferable to a cure.