
Authentication, Authorization and Security

rgwch edited this page May 15, 2015 · 24 revisions

Authorization model

Webelexis uses a role-based authorization model: a user has one or more roles, and a resource has exactly one required role. A user has access to a resource only if one of their roles matches the required role of that resource.

Roles are simply strings. Two of them are predefined:

  • "guest". An anonymous user or a user without credentials always has the role "guest".

  • "admin". A user having the role "admin" has access to all resources, no matter what roles they need.

All other roles are defined in the cfglocal.json of the server.

Example:

    "emr": {
        "icpc-problems": true,  // load problem list (Plugin ICPC is installed)
        "stickynotes": true,    // load sticky notes (Plugin "haftnotizen" is installed)
        "stickers": true,       // load stickers
        "prescriptions": true,  // load prescriptions
        "lab": true,            // load lab values
        "role": "arzt"          // required role to use this module
    }
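The following is an added example (not Webelexis code) that implements the rule stated above: an anonymous user has only the role "guest", "admin" bypasses every requirement, and a module's required role comes from its "role" entry in cfglocal.json. The config object mirrors the "emr" example on this page; the "publicagenda" and "usermgmt" modules, the decision to grant every logged-in user "guest" as well, and the choice to deny access to modules without a configured role are assumptions made for the demonstration.

```javascript
// Constructed stand-in for the relevant part of cfglocal.json.
// "emr" is the page's own example; the other two modules are assumptions.
const cfglocal = {
  emr: { "icpc-problems": true, stickynotes: true, role: "arzt" },
  publicagenda: { role: "guest" },   // assumption: a module open to anonymous users
  usermgmt: { role: "admin" }        // assumption: an administrative module
};

// Roles that apply to a request. An anonymous user (null/undefined) has only
// "guest". Logged-in users additionally keep "guest" so they can still reach
// guest-level resources; that is this example's assumption, not page text.
function effectiveRoles(user) {
  const roles = new Set(["guest"]);
  if (user && Array.isArray(user.roles)) {
    for (const r of user.roles) roles.add(r);
  }
  return roles;
}

// Look up the single required role of a module. A module that is unknown or
// has no "role" string is treated as inaccessible (fail closed) rather than
// as open to everyone.
function requiredRole(moduleName) {
  const mod = cfglocal[moduleName];
  if (!mod || typeof mod.role !== "string") return null;
  return mod.role;
}

// The access decision: admin always passes, otherwise the user needs exactly
// the role the module requires.
function hasAccess(user, moduleName) {
  const required = requiredRole(moduleName);
  if (required === null) return false;
  const roles = effectiveRoles(user);
  if (roles.has("admin")) return true;
  return roles.has(required);
}

// Constructed accounts in the shape of the db.users documents shown below.
const anonymous = null;
const doctor = { username: "someone", roles: ["user", "arzt"] };
const plainUser = { username: "other", roles: ["user"] };
const admin = { username: "someone@gmail.com", roles: ["user", "admin"] };

console.log(hasAccess(anonymous, "publicagenda")); // true
console.log(hasAccess(anonymous, "emr"));          // false
console.log(hasAccess(doctor, "emr"));             // true
console.log(hasAccess(plainUser, "emr"));          // false
console.log(hasAccess(admin, "emr"));              // true
console.log(hasAccess(admin, "nosuchmodule"));     // false
```

Failing closed on an unconfigured module is the important design choice here: a typo in cfglocal.json then produces a visible "access denied" instead of silently exposing the module.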

Authentication

Authentication of users happens via local login or "Sign in with Google". In the latter case the user remains logged in, even across computer shutdowns, until the Google sign-in token expires or they log out explicitly. In both cases a user account must exist on the server before login is possible.

For a local account, a username and a password are required. For a Google account, the e-mail address of the Google account is the Webelexis username.

To enable "Sign in with Google", a valid Google client ID must be set in the "bridge" section of cfglocal.json. If no such ID is given, no "Sign in with Google" button is created and the protocol for authenticating users with Google is disabled.

Example:

    "googleID": "3aa2352634636aasf.apps.googleusercontent.com"

User management

User accounts are held in a MongoDB database. Installing a MongoDB server is trivial (brew install mongo on Mac, sudo pacman -S mongodb in Arch Linux, sudo apt-get install mongodb in Ubuntu, installer on Windows). User accounts can be created from the mongodb shell:

mongo
use webelexis
db.users.insert({"username": "someone@gmail.com", "roles":["user","admin"]})

or, in case of a local account:

db.users.insert({"username": "someone", "password":"something", "roles":["user", "editor"]})

The system encrypts the password on first use, and stores only encrypted passwords when the user submits a "change password" request.

If users create an account via the web interface, they are assigned the role given by "defaultRole" in cfglocal.json. Changing roles is currently only possible directly in the mongo database:

db.users.update({username: "username"},{$set: {roles: ["user","arzt","patient"]}})

Security

Encryption

Since Webelexis does not encrypt data transfer itself, connections should only go via secure paths (connect via https or through a VPN). Setting up the webelexis server to use TLS/SSL is quite easy. The only problem is that browsers will complain about self-signed certificates (which should not really be an issue if administrator and users know each other, which is usually the case in the field Webelexis is made for). For additional security, you might also configure the server to require client authentication, so that only known clients can connect.

Protection

The "bridge" section in cfglocal.json defines which messages are accepted via the http server (for messages between Webelexis parts within the same LAN, no restrictions apply).

Example:

    "inOK": [ // allowed inbound messages (all others will be blocked)
        {
            "address": "ch.webelexis.session.login"
        },
        {
            "address": "ch.webelexis.session.logout"
        },
        {
            "address": "ch.webelexis.publicagenda"
        },
        {
            "address": "ch.webelexis.privateagenda"
        },
        {
            "address_re": "ch\\.webelexis\\.patient\\.\\w+"
        }
    ],
    "outOK": [   // allowed outbound messages: status messages from the server
        {
            "address_re": "ch\\.webelexis\\.feedback\\.[a-f0-9-]+"
        }
    ],
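As an added example (not Webelexis code), here is how such an allow-list can be applied to event-bus addresses: an "address" rule matches exactly, an "address_re" rule is a regular expression, and anything matched by no rule is blocked. The rules are the inOK/outOK entries from this page; the sample addresses are constructed. The page does not say how Webelexis applies the pattern, so anchoring the regex with ^...$ is this example's choice, made because an unanchored pattern matches any address that merely contains it.

```javascript
// The page's own "bridge" filter rules, as they would be read from cfglocal.json.
const bridge = {
  inOK: [
    { address: "ch.webelexis.session.login" },
    { address: "ch.webelexis.session.logout" },
    { address: "ch.webelexis.publicagenda" },
    { address: "ch.webelexis.privateagenda" },
    { address_re: "ch\\.webelexis\\.patient\\.\\w+" }
  ],
  outOK: [
    { address_re: "ch\\.webelexis\\.feedback\\.[a-f0-9-]+" }
  ]
};

// Compile each rule once into a predicate. "address_re" is wrapped in ^(?:...)$
// (assumption of this example) so the pattern must describe the whole address;
// without that, "x.ch.webelexis.patient.a.y" would also pass the patient rule.
function compileRules(rules) {
  return rules.map(rule => {
    if (typeof rule.address === "string") {
      return addr => addr === rule.address;
    }
    if (typeof rule.address_re === "string") {
      const re = new RegExp("^(?:" + rule.address_re + ")$");
      return addr => re.test(addr);
    }
    throw new Error("rule needs 'address' or 'address_re': " + JSON.stringify(rule));
  });
}

// Default deny: an address is allowed only if at least one rule matches it.
function makeFilter(rules) {
  const matchers = compileRules(rules);
  return addr => typeof addr === "string" && matchers.some(m => m(addr));
}

const inboundAllowed = makeFilter(bridge.inOK);
const outboundAllowed = makeFilter(bridge.outOK);

// Return the addresses in a batch that the filter would block, e.g. for logging.
function blocked(filter, addresses) {
  return addresses.filter(a => !filter(a));
}

// Constructed sample traffic.
const inboundSample = [
  "ch.webelexis.session.login",      // exact match: allowed
  "ch.webelexis.patient.list",       // matches patient regex: allowed
  "ch.webelexis.patient.list.all",   // extra segment, \w+ has no dot: blocked
  "ch.webelexis.session.login2",     // not an exact match: blocked
  "x.ch.webelexis.patient.a.y",      // would pass an unanchored regex: blocked
  "ch.webelexis.admin.shutdown"      // no rule at all: blocked
];

console.log(blocked(inboundAllowed, inboundSample));
console.log(outboundAllowed("ch.webelexis.feedback.3f2a-0b")); // true
console.log(outboundAllowed("ch.webelexis.feedback.XYZ"));     // false, uppercase not in [a-f0-9-]
```

Compiling the rules once at startup also means a malformed rule fails loudly when the configuration is loaded, not on the first message that happens to reach it.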

Access restrictions

Every piece of software can introduce errors and security risks. Therefore, it is crucial to protect any access from the internet to your database as well as possible.

I recommend the following measures:

  • Do not run the vertx server on the same machine as the elexis database server. Instead, use a computer or a virtual machine with as little software as possible (I use manjaro net edition).
  • Keep that machine away from your normal network traffic. Allow connections only to the database server.
  • Create a user for webelexis and don't give that user sudo rights.
  • Create a webelexis user on your database server, and restrict the rights of this user to the absolutely necessary minimum. Example: If you only want to allow patients to create their appointments online, the following rights are sufficient: GRANT SELECT,INSERT,UPDATE ON elexis.AGNTERMINE TO '<webelexis-user>'@'<webelexis-machine>' IDENTIFIED BY '<webelexis-password>', and GRANT SELECT ON elexis.KONTAKT .... For other functions, set rights accordingly. DELETE and DROP are never necessary. UPDATE only if you need write access to a table. Make sure to give access only to the tables needed to enable the desired function. Read the mysql manual or the PostgreSQL manual for more information on this topic.