← Previous day | Today | Next day → | Search | Index
All times shown according to UTC.
Time | Nick | Message |
---|---|---|
00:07 | mbridge joined #koha | |
01:07 | mbridge joined #koha | |
02:07 | mbridge joined #koha | |
03:07 | mbridge joined #koha | |
04:07 | mbridge joined #koha | |
04:18 | mbridge | [mattermost] <dcook> As I noted on the Bugzilla report, be mindful of security as well. |
04:18 | mbridge | [mattermost] <dcook> That "buildendpoint.pl" idea would be a security nightmare for instance. |
05:07 | mbridge joined #koha | |
06:07 | mbridge joined #koha | |
06:19 | alex_a joined #koha | |
06:37 | thibaud_glt joined #koha | |
06:49 | reiveune joined #koha | |
06:59 | reiveune | hello |
07:07 | mbridge joined #koha | |
07:15 | lds joined #koha | |
08:07 | mbridge joined #koha | |
09:07 | mbridge joined #koha | |
09:43 | alex_a joined #koha | |
09:54 | lds joined #koha | |
10:07 | mbridge joined #koha | |
11:07 | mbridge joined #koha | |
12:07 | mbridge joined #koha | |
13:07 | mbridge joined #koha | |
13:23 | Dyrcona joined #koha | |
14:07 | mbridge joined #koha | |
14:32 | mbridge | [mattermost] <rudy.hinojosa> Hi David, |
14:32 | mbridge | [mattermost] <rudy.hinojosa> Thank you for bringing up your concerns regarding the REST API endpoint accessing the Koha saved_sql table. I appreciate your diligence in ensuring the security and integrity of our system. Let me provide some clarity on how we've addressed these concerns: |
14:32 | mbridge | [mattermost] <rudy.hinojosa> FIPS Compliance: Our application is fully compliant with the Federal Information Processing Standards (FIPS). This ensures that we adhere to stringent security protocols and cryptographic standards mandated by the federal government. Compliance with FIPS guarantees that our application meets high security standards for data protection and encryption. |
14:32 | mbridge | [mattermost] <rudy.hinojosa> OAuth2 Authentication: We utilize OAuth2 credentials for authenticating API calls. OAuth2 is a robust and widely adopted authorization framework that ensures secure and controlled access to the API. By leveraging OAuth2, we can manage tokens, scope limitations, and refresh mechanisms to maintain secure and seamless access to the endpoint. |
14:32 | mbridge | [mattermost] <rudy.hinojosa> SQL Injection Prevention: Our code rigorously checks for SQL injection vulnerabilities before processing any queries. This involves parameterized queries and thorough validation of inputs to ensure that only safe and sanitized queries are executed. By employing these best practices, we mitigate the risk of SQL injection attacks and maintain the integrity of our database operations. |
14:32 | mbridge | [mattermost] <rudy.hinojosa> Malformed SQL Handling: Koha's backend has built-in mechanisms to identify and reject malformed SQL syntaxes. In addition to our preventative measures, Koha will not execute any query that does not conform to its SQL syntax rules. This dual layer of protection further ensures that only valid and well-formed SQL queries are processed. |
14:32 | mbridge | [mattermost] <rudy.hinojosa> Additional Security Measures: We also employ other security practices such as: |
14:32 | mbridge | [mattermost] <rudy.hinojosa> Role-Based Access Control (RBAC): Ensuring that only authorized users have access to the API endpoint based on their roles. |
14:32 | mbridge | [mattermost] <rudy.hinojosa> Rate Limiting: To prevent abuse and mitigate potential denial-of-service (DoS) attacks, we implement rate limiting on the API endpoint. |
14:32 | mbridge | [mattermost] <rudy.hinojosa> Audit Logging: All API calls and executed queries are logged for audit and monitoring purposes. This allows us to track and review access patterns and any anomalies in real time. |
14:32 | mbridge | [mattermost] <rudy.hinojosa> By incorporating these measures, we have established a robust and secure framework for interacting with the saved_sql table via the REST API endpoint. I am confident that these steps adequately address the potential risks and ensure a secure implementation. |
14:32 | mbridge | [mattermost] <rudy.hinojosa> Please let me know if you have any further concerns or require additional information. |
14:32 | mbridge | [mattermost] <rudy.hinojosa> Best regards, |
14:32 | mbridge | [mattermost] <rudy.hinojosa> Rudy Hinojosa |
14:32 | mbridge | [mattermost] <rudy.hinojosa> CEO Lightwave Library |
14:32 | mbridge | [mattermost] <rudy.hinojosa> rudy.hinojosalightwavelibrary.com |
15:07 | mbridge joined #koha | |
15:08 | reiveune | bye |
15:08 | reiveune left #koha | |
16:07 | mbridge joined #koha | |
17:07 | mbridge joined #koha | |
18:07 | mbridge joined #koha | |
18:12 | indradg joined #koha | |
18:46 | indradg joined #koha | |
18:54 | Joubu joined #koha | |
19:07 | mbridge joined #koha | |
19:15 | indradg joined #koha | |
20:07 | mbridge joined #koha | |
20:33 | indradg joined #koha | |
21:07 | mbridge joined #koha | |
22:07 | mbridge joined #koha | |
22:12 | indradg joined #koha | |
23:07 | mbridge joined #koha |