Uniform server

cverk wrote on Sunday, July 07, 2013:

I was playing around with an open source project called Uniform Server and wondered if this may be an answer to all the security angst about windows xampp. It has a simple interface and comes by default as a production server secured with recent component updates. There is a switch to change from development to production server. It has prompts to enter passwords for things like mysql etc. It allows you to turn off or on components like phpmyadmin and stays within its own directory making copying and backup easy. Fax and email servers don’t seem to work in windows anyway, so this could be something worth looking at.

cverk wrote on Sunday, July 07, 2013:

Oh by the way,I was able to make it work by copying the htdocs/openemr file to the uniserver/www directory along with the index files, and by sqldump of the mysql data files. I also had no problem running it from an encryted drive created with truecryt

cverk wrote on Sunday, July 07, 2013:

As I have studied this more there are a huge number of included characteristics that would help meet a lot of the phase 2 requirements for windows users. Certificates and static IP helps a lot with portals, security requirements are addressed, backup is addressed, the restriction of phpmyadmin is addressed etc. I attached the main index below showing all those parts. This seems way more mature and transparent than xampp and was updated to the newest versions of components 2 days ago. I’m sure I must be missing something about xampp, and before I consider changing over it would be interesting to here what it offers that isn’t offered by Uniform Server.

Installation Restriction
  Server Paths
Help
Security
Other Issues
  VC9 Libraries
  MySQL Access
  Windows 7, Vista and UAC
  Firewalls
Run as a standard program vs Run as a service

Quick Start

Start the Servers
Set New MySQL root password
Root folder www - Test
Add your Website or test pages
View pages
Stop the Servers
Where to next

Quick Start - More Detail

Installation
Installing your Website or Test pages
Server Control
   Run as Program
   Run as Service
Server Utilities
Important - Security Feature
Set New MySQL root password
How to put the servers on-line
How to check Server Internet Access
Where to next

Quick Start - User Configuration

Splash page
  Enable/Disable splash page
  Change Splash Page
User buttons www and ssl
  Change www page
  Change ssl page
  Change button names (www or ssl)
Start-up - Nagging
  Enable/Disable - Nagging
Browser Selection
  Installing portable Firefox
  Installing portable Opera
  Installing portable GoogleChrome
  Enable in configuration file
Where to next

Quick Start - Run as a parogram

UniController Menu
Interlinked server control

Quick Start - Run as a service

UniController Menu
Interlinked server control

Quick Start - Server Utilities

B1 - MySQL Console
B2 - Server Status
B3 - Apache Syntax Check
B4 - Server Configuration
B5 - Multi Servers
B6 - Select Language
B7 - View www
B8 - View ssl
B9 - View phpInfo
B10 - phpMyAdmin
B11 - Server Documentation
B12 - About

Quick Start - Multi-Servers

Multi Servers
Files modified

General - Introduction

Change ports, Apache and MySQL
Clear server log files
Root www - Change passwords and access
Root ssl - Change passwords and access
Root phpMyAdmin - Change Access

General - Change Ports

Change Apache and MySQL ports
Files modified

General - Clear Logs

Clear server log files
Files modified

General - Root folder www - Access

Overview
Background information
Creating a password file
Enable or disable name password access
Change Access
  Local Access
  Local and Intranet Access
  Local, Intranet and Internet Access

General - Root folder ssl - Access

Overview
Background information
Creating a password file
Enable or disable name password access
Change Access
  Local Access
  Local and Intranet Access
  Local, Intranet and Internet Access

General - phpMyAdmin Access

Features
Root phpMyAdmin - Change access type
Background information

Apache - Introduction
Edit Basic Configuration
Edit configuration files
Edit httpd.conf
Edit ssl.conf
View log files
View Error log file error.log
View Access log file access.log
View SSL Error log file error.log
View SSL Access log file access.log
Generate Certificate
Apache Vhosts
Apache Data
Apache server-status
Apache server-info
Apache Modules Enable Disable

Apache Basic Configuration

Overview
Server Name
Server Admin Email
Directory Index Files
Server Side Includes
Server Signature
Listen Port

Apache - Vhosts

Overview
  Inform Apache to use Vhosts
  Adding a Vhost
  Vhost additional Apache directives
Vhost Configuration Menu
Vhost Configuration Menu Example

Apache - SSL

How to Enable SSL
Background
  SSL Overview
  IP addresses and SSL
  Apache configuration file changes
  SSL Virtual Host
  Certificates and signing request (CSR) location
  View installed server certificate details

Apache - Server Certificate Self-Signed

Creating a self-signed certificate
Alternative Scripts
  Generate_server_cert_and_key.bat
  Generate_server_cert_and_key.vbs
  Key_cert_gen.hta

Apache - Free Server Certificate

Register a domain name
Create an account at StartSSL
Creating a certificate signing request (CSR)
Sign certificate at StartSSL
Download StartCom CA Certificates - Information
Install certificates
Edit SSL Configuration file
Local Test

MySQL - Introduction

Change Password
Restore Password
Edit my.ini
View Error log file mysql.err
Create Delete Database
Create Restricted MySQL User
Edit Restricted MySQL User

MySQL - Change password

Set New MySQL root user password using UniController
Set New MySQL root user password using phpMyAdmin
Set New MySQL root user password using MySQL Console

MySQL - Restore password

Restore MySQL root user password using UniController
Restore MySQL root user password using command window
  Kill MySQL process
  Restart MySQL server skip grant
  Set Password and Update grant tables
  Kill process and restart

MySQL - Console

Command window
  How to run a standard command window
  MySQL console command window short cut
  Quick MySQL binary folder check
Start MySQL Client

MySQL Create Delete Database

Create Delete Database using UniController
Create Delete Database using phpMyAdmin
Create Delete Database using command window
  Command window - mysqladmin
  Command window - mysql Client

MySQL Create Restricted User

Create Restricted MySQL User using UniController
Create Restricted MySQL User using phpMyAdmin
  Open Add new user page
  Create new user
  Assign user to a database
Create Restricted MySQL User using command window
Delete Restricted MySQL User using command window

MySQL Edit Restricted User

Edit Restricted MySQL User using UniController
Edit Restricted MySQL User using phpMyAdmin
Edit Restricted MySQL User using command window
Related topics

PHP - Introduction

Edit Basic Configuration
Directly edit configuration files
  Edit Current Configuration file: php.ini
  Edit Production Configuration file: php_production.ini
  Edit Development Configuration file: php_development.ini
  Edit Command Line Configuration file: php-cli.ini
Configuration file switching
  Switch to Production Configuration file
  Switch to Development Configuration file
eAccelerator control panel
PHP Accelerators
  APC control panel
  eAccelerator control panel
  Zend Optimizer Plus control panel
PHP Extensions Enable Disable
Note: PHP mail() function

PHP - Short open tags

Why
Testing older scripts
Convert older scripts as follows

PHP - PEAR Auto Install

Install PEAR core package
Open PEAR Web Frontend
Using PEAR Frontend
  Update the Channel Management system
  Downloading modules
Form - Test Script

PHP - PEAR Manual Install

Install PEAR core package
  Download and Extract PEAR core package
  Install core package on The Uniform Server
Installing PEAR packages
  A Quick tour of PEAR repository
  Installing Dependencies
  Installing PEAR Package - QuickForm
Form - Test Script
PEAR Alternate location
  Change include path for PEAR

MSMTP - Introduction

Features
Overview
Edit MSMTP Configuration
Default Account
Send Test E-Mail
View Log

MSMTP - Detail

Background
Edit MSMTP Configuration
Default Account
Integration
Upgrade
How MSMTP client was integrated

CRON - Introduction

Features
Configuration file
  Configuration block format
Cron Controller
  Run as a program
  Run as a service
Logging
Summary

CRON - Configuration detail

Configuration file
  Configuration block format
Cron Controller
  Run as a program
  Run as a service
Time resolution
User Cron script-configuration
Logging
Test Scripts

DtDNS - Introduction

Edit DtDNS Accounts
Force DtDNS UpDATE
Enable Log
View Log
Enable in CRON

DtDNS - Detail

Overview
Edit DtDNS Accounts
Force DtDNS UpDATE
Enable Log
View Log
Enable in CRON

Create DtDNS Account

Creating a DtDNS account
Creating a Hostname overview
  General information
  Wild Cards
Create Hostname
  Login
  Create hostname
  Manage existing hostnames

Db Backup

Features
Overview
Edit DB Backup Config
Force DB Backup
Enable log
View Log
Enable In Cron
Select DBs to backup
Restore DBs from backup

Db Backup - Detail

Edit DB Backup Config
Force DB Backup
Enable log
View Log
Enable In Cron
Select DBs to backup
Restore DBs from backup

Perl

Overview
  Auto tracking
  UniController support
  Convert to Unix format
Perl control panel

Perl - Install ActivePerl

Download ActivePerl
Install ActivePerl
Background

Developed By The Uniform Server Development Team

tmccormi wrote on Monday, July 08, 2013:

Almost anything would be better than xampp for production use. Sounds like
a nice option for windows.
Tony
On Jul 6, 2013 8:58 PM, “CVerk” cverk@users.sf.net wrote:

Oh by the way,I was able to make it work by copying the htdocs/openemr
file to the uniserver/www directory along with the index files, and by
sqldump of the mysql data files. I also had no problem running it from an
encryted drive created with truecryt

Uniform serverhttps://sourceforge.net/p/openemr/discussion/202504/thread/69a705cd/?limit=25#7239

Sent from sourceforge.net because you indicated interest in
OpenEMR / Discussion / OpenEMR Users

To unsubscribe from further messages, please visit
SourceForge.net: Log In to SourceForge.net

aethelwulffe wrote on Tuesday, July 09, 2013:

Thoughts like “checkout openssl functionality” come to mind. I like the Apache vhosts bit. Thanks for looking into this guys, and I will be sure to put it on my “Maybedo” list as well.
Gives me hope.
CVerk, did you use TrueCrypt on the whole drive, or just in a container?

tmccormi wrote on Tuesday, July 09, 2013:

Cverk did the truecrypt test. I just replied via email which copied his notes, SF does not clean up the thread like some forum tools do, but at least I can reply without logging in…
–Tony

cverk wrote on Tuesday, July 09, 2013:

I just ran it from a truecrypt container I named as the M drive and it seemed to work fine run as a program. I am a doc, not a programmer, which is why I put this in the user forum and asked for input. It is also why I remain uncomfortable with my ability to either secure xampp or become proficient at Linux. It seems a simple and secure windows solution is the answer to more widespread adoption.

yehster wrote on Tuesday, July 09, 2013:

While Uniform Server may be a great tool. Security issues are always changing. The biggest question would how easy will it be to update components as needed for security patches.
To that point, security is really more than just a one time choice of how to install the web stack.
This article is about joomla, but I think the overall tone/concepts for things to think about with regards to security are just as applicable to OpenEMR.
http://docs.joomla.org/Security_Checklist/Getting_Started

tmccormi wrote on Tuesday, July 09, 2013:

Simple and secure are not really compatible expect by using a single
computer in a locked room not connected to the internet… like we
did in 1988…

but… We can keep trying
On Jul 8, 2013 7:39 PM, “CVerk” cverk@users.sf.net wrote:

I just ran it from a truecrypt container I named as the M drive and it
seemed to work fine run as a program. I am a doc, not a programmer, which
is why I put this in the user forum and asked for input. It is also why I
remain uncomfortable with my ability to either secure xampp or become
proficient at Linux. It seems a simple and secure windows solution is the
answer to more widespread adoption.

Uniform serverhttps://sourceforge.net/p/openemr/discussion/202504/thread/69a705cd/?limit=50#f772

Sent from sourceforge.net because you indicated interest in
OpenEMR / Discussion / OpenEMR Users

To unsubscribe from further messages, please visit
SourceForge.net: Log In to SourceForge.net

cverk wrote on Tuesday, July 09, 2013:

OK, so secure is obviously a relative term and I remain as paranoid about that as anybody. I am using the current version of the 1988 setup with a small encrypted server in a locked room behind firewalls pointed at only the workstations in my office intranet. But is seems clear that if you plan to comply with the Federal Government and move to phase 2 of meaningful use, that my setup situation will not continue to be viable. It seems the project is moving towards the next release, which also seems to be aimed towards those new meaningful use standards. It would be nice to see the windows version of that release be an upgrade into some form of server stack that would be relatively more secure for that use than XAMPP. The Linux releases do seem to come ready to be a production server, and maybe 35 years ago I would have found it easier to become Linux proficient. This was just an idea of one such windows option, because I have not so far been very successful at creating my own production server stack with the various components individually. It does seem that ongoing upgrading is a problem for everybody, and if I come across an answer to that I will try and share it.

aethelwulffe wrote on Tuesday, July 09, 2013:

Tony,
You can reply via e-mail, and it has all the other attributes of e-mail as well. (ahem).

Putting your install in a truecrypt container does not really protect anything. You could just as easily tell windows to “make this folder private” and it would do the same thing.
I would only use truecrypt if I needed to secure an entire physical drive (.tc containers get corrupted, and you risk your data that way, I learned the hard way). I would also only need to do it if I also needed plausible deniability that the drive was anything but blank and unformatted when the terrorists or the NSA or the Sanford Florida cops catch me.

cverk wrote on Tuesday, July 09, 2013:

I was looking at truecrypt helping to meet the new HIPAA security standard of encryption at rest if someone were to physically walk off with my server. I am also using RAID drives, backup to encrypted external USB drives to take offsite and encrypted cloud backup to Amazon S3. My backup script to Amazon has sign on codes in it, so that resides on the encrypted container as well. I have almost 30 years of scanned paper charts in there for patient care access, all redundantly backed up.
I am sure phase 3 of meaningful use will probably include something along the lines of giving all of it to the NSA anyway.

tmccormi wrote on Tuesday, July 09, 2013:

Ha! too true “giving all of it to the NSA anyway” …
–Tony

fsgl wrote on Wednesday, July 10, 2013:

If ever we were forced to turn over our medical records, then it would be time to opt out of Medicare and go via private contracting. No more 24.4% Fee Schedule cuts, no more increase PQRS requirements, no more Value-Based Modifier Payment Adjustments and no more Meaningful Use.

aethelwulffe wrote on Wednesday, July 10, 2013:

And no more patients.
Puts a crimp in things for those who serve other folks than the .001%

cverk wrote on Monday, July 15, 2013:

I also got one called bitnami WAMP server to work, and that one was actually pretty easy. You just put the windows openemr download file into the htdocs folder and run localhost/openemr to start the setup script and it works without any apparent fuss. So could this or some other server stack you guys know of be a more secure and upgradable platform for windows, or is it going to turn out that stage 2 of meaningful use just cannot be achieved on a windows platform?