If the problem is “human resource,” I’m with you, leave the library inside openemr.
But you should consider that “security” is the fastest sector/area in IT: it evolves on a daily basis, and every year there is a new standard. Are openemr maintainers able (in human cost terms) to follow that velocity? I hope so, but it’s hard to believe, because you need a person working only and exclusively on that.
In a few words, when you or Brady update the library code, it is for application needs (login system, or other things). There is no update for external reasons like IT security standards (OWASP or other standards) or new threats.
In the long term, the effort to integrate new security & auth features (stateless, OAuth, OpenID, etc.) on an old, unmaintained library with bugs is much bigger than a replacement with a modern, well-maintained security library. IMHO (pay the cost once VS pay forever)
Check the results on SonarCloud; there are a couple of versions of openemr there. See the warnings/stats/score in the security area.
@sjpadgett ,
I was gonna play around with making a new api route table (and other pieces) portal akin to api/fhir for support of a patient specific api. Does that make sense? Shouldn’t step on what you’re doing and there’s a good chance my work may end up in the wastebasket anyways.
Your English is great. My understanding is that English is the hardest second language to learn! lol, I’m still learning as first language…
I get your point though and I would never be opposed if somebody wanted to tackle the issue. However just now, I don’t have the energy. In the end, I may not even use our current ACL or decide to go a different way concerning permissions.
Ya missed my hint hint there.
Anyway, I have the source and now you’ve given approval, I’ll integrate when I get back on modules.
I still need to adopt additional module install scheme besides composer installs.
For normal day to day users, composer installs are proving cumbersome.
@im-Amitto , Are you using the online demos to connect to or a local instance? I am pretty sure I’ll need to make a couple adjustments to the demo data to support connections (without the demo patient needing to login to the portal and verify). Just let me know and I can work on adding that.