As with any ILS and resource accessible from the World Wide Web, careful consideration needs to be given to the security of your Evergreen servers and database. While it is impossible to cover all aspects of security, it is important to take several precautions when setting up a production Evergreen site.

  1. Change the Evergreen admin password and keep it secure. The default admin password is known by anyone who has installed Evergreen. It is not a secret and needs to be changed by the Administrator. It should also be shared only with those who need the highest level of access to your system.

  2. Create strong passwords using a combination of numerical and alphabetical characters for all of the administrative passwords, including those of the postgres and opensrf users.

  3. Open ports in the firewall with caution. It is only necessary to open ports 80 and 443 for TCP connections to the Evergreen server from the OPAC and the staff client. It is critical for administrators to understand the concepts of network security and take precautions to minimize vulnerabilities.

  4. Use permissions and permission groups wisely. It is important to understand the purpose of the permissions and to give users only the level of access that they require.
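
One way to check step 3 on a running server, as an added example that is not part of the Evergreen documentation: the script reads `ss -H -tln` output and lists every TCP listener bound to a non-loopback address on a port outside the allowed set, since those are the services the firewall has to keep closed. The function names, the use of `ss` from iproute2, and the sample listener lines are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not Evergreen project code).
# Usage on a live host:  ss -H -tln | exposed_listeners 80 443

# exposed_listeners PORT...
# Reads `ss -tln` style lines on stdin and prints "address port" for each
# listener that is reachable off-host and whose port is not in the allowed list.
exposed_listeners() {
    [ $# -gt 0 ] || set -- 80 443   # default: the two ports named in step 3
    awk -v allowed="$*" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)        # text after the last colon
            addr = $4; sub(/:[^:]*$/, "", addr)    # text before the last colon
            # Loopback-only listeners are not reachable from the network.
            if (addr ~ /^127\./ || addr == "[::1]") next
            if (!(port in ok)) print addr, port
        }'
}

# Constructed sample input (not captured from a real Evergreen server).
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 244 0.0.0.0:5432 0.0.0.0:*
LISTEN 0 128 127.0.0.1:5222 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 128 [::1]:11211 [::]:*
EOF
}

# Demonstration on the constructed sample.
sample_ss_output | exposed_listeners 80 443
```

Any line the script prints is a service that either needs a firewall rule blocking it from outside, or should be rebound to a loopback address if only local processes use it.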