Re: [mod-security-users] open source web medical records security
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] open source web medical records security
|
From: Ivan R. <iv...@we...> - 2005-07-11 12:42:03
|
Dr James G Brown wrote:
> Has anyone had experience with using mod security in a web based
> electronic patient record application. I am co developing an open source
> system to be used in the uk possibly the NHS and need advice and
> previous expertise in the security relating to web based 3 tier
> applications especially regarding security any advice would be appreciated
If you are developing a brand-new system then my suggestion would be
to focus on the security of the application. Since modsecurity is
a deployment-level tool, you only need to be concerned with it if
you are also developing an example-architecture for the
application. In such cases there two big advantages to using
mod_security:
1) You can monitor and record the HTTP traffic.
2) When application faults are discovered (and they usually are),
mod_security can be used as a temporary measure until the problem
is fixed in the application.
--
Ivan Ristic
Apache Security (O'Reilly) - http://www.apachesecurity.net
Open source web application firewall - http://www.modsecurity.org
|
