...
--no reason to hide .js files as we are open source
----however, might be useful to add certificates/signing to make sure javascript file that is being run is *our* file, not some other weird version
--need state based security in back end
--need to determine login (oauth, ssl?)
----X-site scripting
Back-end
Gliffy |
---|
name | Security Interactions |
---|
|
A closer look inside secure REST:
Gliffy |
---|
name | Sample REST controller |
---|
|
--state based security
--encryption of database
--logging
Existing problems
Logging
--does openmrs already have a system in place?
--put in a log file or in database? need to be able to search + audit, but don't want it to slow down our system