Security concerns for AWS docker installation

aws
docker

(billgates2000) #1

Hi guys, newbie here, with a recent installation of openemr express on AWS using the one-click installation (docker). I worry about the security of my data so here are some questions:

  1. Is the automatic AWS one-click installation secure enough? I will be setting up SSL / https but I was wondering if that is enough to have a piece of mind.

  2. Is there a way to encrypt the patients’ data in the actual database fields? This way if someone manages to get access to my database, he won’t be able to see the actual data.

  3. Let’s say that there is a MySQL or Apache critical security patch issued tomorrow. Will my AWS installation (on the docker) get that patch automatically or will I have to manually check daily for security patches for MySQL/Apache/Php and apply them on my docker setup myself?

  4. Same question as [3] above, but for openemr security patches.

Thanks a lot!


(ViSolve) #2

@Gates,
Here is our 2 cents…
All of these questions are good and valid ones but we are afraid all of these are outside
the scope of OpenEMR, though OpenEMR may build a docker version when there is a vulnerability in one of the stack components all the way from the webserver to DB server.
-Visolve101