Fractal of fail
People are using PHP for a medical records system?
WTF?
Fresh light has been shed on a batch of security vulnerabilities discovered in the widely used OpenEMR medical records storage system. A team of researchers at Project Insecurity discovered and reported the flaws, which were patched last month by the OpenEMR developers in version 5.0.1.4. With the fixes now having been out for …
As the Facebook 'Dumb-Fucks' generation are all going to live forever anyway, once Palantir-Peter-Thiel decides to monetize the 'vampire blood therapy'. But the more leaks, breaches and hacks of health data, the easier it is for Zuck to manufacture consent that it's OK to slyly buy patient health data:
---
https://www.theregister.co.uk/2018/04/06/facebook_tried_to_slurp_medical_data/
http://www.theregister.co.uk/2016/08/01/peter_thiel_wants_young_blood_for_longevity/
automated testing tools."
How IBM Federal Systems Division did it with writing the Shuttle software. Before they started recording every line change and every error source (and pattern of every error).
So there is an O/S medical records system. Could the NHS use it? HMG spent £15Bn+ on their clusterf**k of a medical records system.
Could the NHS use it?
Only if it benefits any friends-of-MPs who can then give them a cushy 'consultancy' job?
>>>> Joke icon, because of course I'm only joking about our fine Members of Parliament being on the take...
So all of those vulnerabilities exist because someone decided the whole thing absolutely HAD to be web-based. Why is it web-based? Or more importantly, why is it ALL web-based? Is there really a saving in terms of development costs? The UI still needs to be designed and built - just using a different technology stack. All you seem to get is vulnerabilities and attacks.
Time to re-think whether you should expose all your precious data in that way, or whether you can limit the web-based stuff to an absolute minimum, and limit the information held in the DB that serves it. Keep the rest well away from the web I say.
There are respectable enterprise data analytic products that are web-based, e.g. Splunk. PHP is the bigger worry, as is a lack of interface and web server hardening. The common alternatives that I find myself stuck with on a day-to-day basis include Java and Citrix, the latter being the most unsupportable and horrible to work with.