Securing an OpenMRS Implementation
One critical MUST-DO for any OpenMRS Implementation: Ensure no default passwords are in use (such as “Admin123”).
This is true for everything from user login credentials in the UI, through to any database, web server, container, and/or servlets you are using in production. Even standard database and server tools often come with default passwords - ensure these are changed to unique, secure passwords.
This section of the wiki contains recommendations for how to secure an OpenMRS installation beyond what is provided by the application itself.
Sections contained within this Wiki area:
Strongly Recommended Resources
NOTE: We also recommend that OpenMRS community members, especially implementers, familiarize themselves with the following highly-recommended resources:
Secure development principles - National Cyber Security Centre