Re: [Oscarmcmaster-users] Oscar connection problems

[Peter Hutten-C. <phu...@gm...>]

Failed login with valid credentials (yes it is a hash but mac2002 does
convert to -51-282443-97-5-9410489-60-1021-45-127-12435464-32 ) makes me
think that someone forgot to set the admin or doctor role to the appropriate
provider (the program applies a fairly granular level of security so that
you need certain roles assigned to access parts of the program.  No role
assigned = no program access).  I have never done this from outside the
program, but you should be able to suss it, all you need is the database
password.

For security reasons, the only place this password is visible is in the
properties file, which unless you make a special install, should be only
accessible from someone who has hacked the su password, so the data should
be safe if someone steals the box, at least from casual theft/hacking.

MySQL does not support table encryption per se beyond requiring a password
(and if it did it would still require leaving a password in some property
file), box wide encrytion (I suppose for speed having the kernel using a
loop virtual drive to access encrytion functions) can obviously be done but
I have never bothered.  I too would be interested in other users ideas on
this.


-- 
Peter Hutten-Czapski
Haileybury Ontario

"The small town needs the best and not the worst doctor procurable, for the
country doctor has only himself to rely on. He cannot in every pinch hail
specialist and nurse."
-Dr. Abraham Flexner 1910 "Advancement of Teaching Medical Education in the
United States and Canada"