Project - Hybrid App with Image Processing

zerai · May 9, 2020, 3:52pm

If the problem is “human resource,” I’m with you, leave the library inside openemr.
But you should consider that “security” is the fastest sector/area in IT, it evolves on a daily basis, every year there is a new standard, openemr maintainers are able (in human cost terms) to follow that velocity? I hope, but it’s hard to believe because you need a working person only and exclusively for that.

In a few words, when you or Brady update the library code is for application need (login system, or other things). There is no update t external reasons like IT security standard OSWAP or other standards, new threats.

In the long term, the effort to integrate new security&auth features (stateless, OAuth, openId, ecc…) on old and not maintained library with bug is much bigger than a replacement with a well modern and maintained sec. Library. IMHO (pay the cost once VS pay forever)

Check the result on sonarcloud there are a couple versions of openemr, see the warning/stats/score in the security area.

(Sorry for typos, English is not my language)

zerai · May 9, 2020, 4:11pm

I can give you admin auth for update or if you want move the repo…

brady.miller · May 10, 2020, 8:21am

@sjpadgett ,
I was gonna play around with making a new api route table (and other pieces) portal akin to api/fhir for support of a patient specific api. Does that make sense? Shouldn’t step on what your doing and there’s a good chance my work may end up in the wastebasket anyways

im-Amitto · May 10, 2020, 8:45am

Let me know if i can help in some way

sjpadgett · May 10, 2020, 12:21pm

Your English is great. My understanding is that English is the hardest second language to learn! lol, i’m still learning as first language…

I get your point though and I would never be opposed if somebody wanted to tackle the issue. However just now, I don’t have the energy. In the end, I may not even use our current ACL or decide to go a different way concerning permissions.

Thanks for input.

sjpadgett · May 10, 2020, 12:30pm

Ya missed my hint hint there.
Anyway, I have the source and now you’ve given approval, i’ll integrate when I get back on modules.
I still need to adopt additional module install scheme besides composer installs.
For normal day to day users, composer installs are proving cumbersome.

sjpadgett · May 10, 2020, 12:40pm

Hi Brady,
You’re fine. I just wanted to let folks know we’re working new authentications to support mobile and especially FHIR.

brady.miller · May 13, 2020, 8:42am

@sjpadgett and @im-Amitto ,
Took a stab at the patient portal api:

brady.miller · May 17, 2020, 2:49am

Patient portal rest api is now in the codebase

im-Amitto · May 17, 2020, 7:34pm

Great

brady.miller · May 18, 2020, 4:57am

@im-Amitto , Are you using the online demos to connect to or a local instance? I am pretty sure I’ll need to make a couple adjustments to the demo data to support connections (without the demo patient needing to login to the portal and verify). Just let me know and I can work on adding that.

im-Amitto · May 18, 2020, 8:31pm

I’m using a local instance.