List: openmrs-implementers
Subject: Future Sprint Topic: Flosshack Security Issues
From: "Power, Chris" <powerc () regenstrief ! org>
Date: 2013-01-29 18:53:02
Message-ID: B0DFE1BEB3739743BC9B639D0E6BC8FF478E5A () IU-MSSG-MBX104 ! ads ! iu ! edu
As some of you are aware, a group dealing with security had a hackathon to determine
vulnerabilities with OpenMRS, and the list of those items has been compiled. My
question to the community is how do we want to react to this list? The majority of
issues found are XSS-related, but there are also some session management problems and
miscellaneous other items. Is there someone who has interest in being a Product
Owner, Developer Lead or Developer on a piece of work around these issues? The time
frame would be late March to early April unless the Roadmap group or the community
calls out for it to be done earlier.
Chris Power
Health Information Project Coordinator II
powerc@regenstrief.org
Ph: 317.423.5678
Warning! My email has changed to powerc@regenstrief.org