This application is intended to provide a health services database and has a number of modules, including Diagnostic Assessment and Clinical Calendar. The system provides administrative functions such as timesheets, notes, payroll data, and contact management.
In this business-critical online application, security and performance are the two most important factors. The target data-size is large and deploying an open-source database system was both a risk and an opportunity.
Batoi's approach was to understand the client's business process and to create a system architecture that is secure and compliant with the HIPAA standard.
The deployed MySQL database has a strong root password, and all passwords are irreversibly encrypted. The MySQL server data stream is also encrypted. The database provides access to scripts located on the server itself. The MySQL database is located behind a firewall. Grant privileges are strictly allocated to the various users: different users have varying levels of access to databases and tables, and they are limited to performing only certain operations.
MySQL security is evaluated and monitored through the Access Control List (ACL) for all connections, queries, and many other operations that users can perform. Moreover, the necessary steps are taken to prevent SQL injection attacks against the application.
The project is in its beta stage, and the organisation is optimistic about using it for their purpose.
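The access model described above, as an added example for MySQL 8.0 that is not Batoi's or the client's actual configuration. The `clinic` schema, its tables, the account names and the passwords are hypothetical placeholders.

```sql
-- Hypothetical schema and accounts, constructed for illustration only.
-- Refuse unencrypted TCP connections server-wide (MySQL 8.0+).
SET PERSIST require_secure_transport = ON;

CREATE DATABASE IF NOT EXISTS clinic;
CREATE TABLE IF NOT EXISTS clinic.calendar
  (id INT PRIMARY KEY, patient_id INT, slot DATETIME);
CREATE TABLE IF NOT EXISTS clinic.assessment
  (id INT PRIMARY KEY, patient_id INT, result TEXT);
CREATE TABLE IF NOT EXISTS clinic.payroll
  (staff_id INT PRIMARY KEY, hours DECIMAL(6,2), rate DECIMAL(8,2));

-- Binding each account to 'localhost' means only scripts running on the
-- database host itself can authenticate with it.
CREATE USER 'calendar_app'@'localhost'   IDENTIFIED BY '<placeholder-1>';
CREATE USER 'clinician_app'@'localhost'  IDENTIFIED BY '<placeholder-2>';
CREATE USER 'payroll_report'@'localhost' IDENTIFIED BY '<placeholder-3>';

-- Table-level grants: each account gets only the operations its module needs.
GRANT SELECT, INSERT, UPDATE ON clinic.calendar
  TO 'calendar_app'@'localhost';
GRANT SELECT, INSERT ON clinic.assessment
  TO 'clinician_app'@'localhost';
GRANT SELECT ON clinic.calendar
  TO 'clinician_app'@'localhost';

-- Column-level grant: the reporting account can read hours but never rates.
GRANT SELECT (staff_id, hours) ON clinic.payroll
  TO 'payroll_report'@'localhost';

-- Periodic ACL review: list what each account can actually do.
SHOW GRANTS FOR 'payroll_report'@'localhost';
SELECT grantee, table_name, privilege_type
  FROM information_schema.table_privileges
 WHERE table_schema = 'clinic'
 ORDER BY grantee, table_name;
SELECT grantee, table_name, column_name, privilege_type
  FROM information_schema.column_privileges
 WHERE table_schema = 'clinic';
```

None of the accounts holds `DROP`, `ALTER`, `FILE` or `GRANT OPTION`, so an injected statement running under one of them is confined to that module's tables and operations.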