PHPMyAdmin on NHANES Demo Server

@r0bby We would like to install PHPMyAdmin on the demo server to allow other users to run read-only queries of the system.

As an example, here is a visualization of how diagnosis rates vary by race for the conditions we are importing from the NHANES data.

https://public.tableau.com/profile/kevin.yeh#!/vizhome/EthDiagnosis/Sheet2?publish=yes

Other queries we’d like to be able to show and share are things such as “show me the diabetes patients taking metformin”

Can you help with setup, or may I have permission to do so? If the latter, I would need help setting up a MySQL user account that has only read-only permissions.

Thanks, -Kevin and Bob

I will not install phpmyadmin. This will not happen. Run the queries server-side.

My reason is security, nothing more. Do not install it yourself either please – I’ll be very, very annoyed if you do.

I agree. Phpmyadmin is a huge security risk:

https://www.cvedetails.com/vulnerability-list/vendor_id-784/Phpmyadmin.html

As an aside, are these queries needed to demonstrate standard use of the system? If so, should there be some functionality built in at some point? (Even maybe some standard queries built specifically via some PHP scripts vs. an open-ended tool like phpmyadmin?)


Are you saying it's better for the EHR team to host the test servers outside the LH infrastructure to have the flexibility of phpmyAdmin?

I would like to see us brainstorm a solution for the teams who will come on and send queries (as these will be dynamic) that doesn’t compromise security - but a solution is needed … Let everyone put on their thinking caps, and fast.

@sunbiz any suggestions ?


A separate server with remote queries is one way to mitigate risks, although phpmyadmin itself is arguably the bigger risk vs the infrastructure issue.


What they choose to do is up to them, but my sole concern is security. I don’t want to deal with security implications. They should (as @downey suggested) build a tool for this.

As would I – but installing phpmyadmin is out of the question here. Even if we went with majority rule here – both @downey and I are firm on NOT installing it.

None of those issues are for the 4.7 version or above. In addition, phpMyAdmin access need not be open-ended at the root access level…at all. Trying to find any unpatched CVEs for the current version…no “luck” so far. Not making an argument for using it on a demo server, as it is not a normal end-user tool, and is something that anyone could use the data with on their own system if they wanted it; just a ‘be real’ check on the presumption here.

The intention is to be able to demonstrate to less technical people the power of SQL and build an educational curriculum around SQL in the context of HIM.

I do not need PHPMyAdmin to run queries. It’s much easier/efficient for me to run them against my own MySQL instance locally, but if we want other potential instructors to be able to see what is possible, setting up server access for each of them seems impractical, and there is also a much steeper learning curve.


SQL is powerful – but phpmyadmin is the wrong tool. This tool should be built into the EHR system itself…perhaps as a reporting mechanism.

I respect your decision to manage the server as you best see fit.

I’m sorry to take such a firm stance here – I will do whatever is needed, but this isn’t needed…what’s needed is reporting tools – which allow you to run raw queries… in a constrained way. This should be built into the EHR itself.

That said I still think we need a workaround to get the work done. Has anyone seen alternatives other than running the tool on an isolated host?

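One way to build the constrained, server-side reporting that @downey and @r0bby describe (fixed queries behind PHP scripts, run as a read-only MySQL account) instead of an open-ended tool. This is an added example, not LibreHealth code; the DSN, the `demo_ro` account and the table and column names are assumptions to adapt to the NHANES demo schema.

```php
<?php
// Added example (not LibreHealth code). Only queries in the allow-list below
// can run; a caller picks a report by name and supplies values that are bound
// as parameters, never spliced into SQL. The DB account is read-only so that
// even a mistake in this script cannot modify data (defence in depth).
// Hypothetical schema: patients, patient_conditions, prescriptions.
declare(strict_types=1);

const REPORTS = [
    // report name => [SQL with named placeholders, allowed parameter names]
    'diagnosis_rate_by_race' => [
        'sql'    => 'SELECT race, COUNT(*) AS n FROM patient_conditions '
                  . 'WHERE condition_code = :code GROUP BY race ORDER BY race',
        'params' => ['code'],
    ],
    'patients_on_drug_with_condition' => [   // e.g. diabetes patients on metformin
        'sql'    => 'SELECT p.id FROM patients p '
                  . 'JOIN prescriptions rx ON rx.patient_id = p.id '
                  . 'JOIN patient_conditions c ON c.patient_id = p.id '
                  . 'WHERE rx.drug_name = :drug AND c.condition_code = :code LIMIT 500',
        'params' => ['drug', 'code'],
    ],
];

function runReport(PDO $db, string $name, array $input): array
{
    if (!isset(REPORTS[$name])) {                       // unknown report: refuse
        throw new InvalidArgumentException("Unknown report: $name");
    }
    $report = REPORTS[$name];
    $stmt = $db->prepare($report['sql']);               // fixed SQL text, real prepared statement
    foreach ($report['params'] as $p) {                 // bind only the declared parameters
        if (!isset($input[$p]) || !is_string($input[$p]) || strlen($input[$p]) > 64) {
            throw new InvalidArgumentException("Missing or invalid parameter: $p");
        }
        $stmt->bindValue(":$p", $input[$p], PDO::PARAM_STR);
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Connect as a read-only account, created with e.g.:
//   GRANT SELECT ON demo.* TO 'demo_ro'@'localhost';   (no INSERT/UPDATE/DELETE/FILE)
$db = new PDO('mysql:host=127.0.0.1;dbname=demo;charset=utf8mb4', 'demo_ro',
    getenv('DEMO_RO_PASSWORD') ?: '',
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false]);

header('Content-Type: application/json');
echo json_encode(runReport($db, (string) ($_GET['report'] ?? ''), $_GET));
```

A request such as `?report=patients_on_drug_with_condition&drug=metformin&code=E11` then returns rows as JSON, while any other SQL is simply not reachable through the script.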

Y’all could look at Adminer as a replacement. It would need to be evaluated but it is about the only one (with good reviews) out there.

Just sharing the URL - https://www.adminer.org/

I’ll look later at it.

Thanks to everyone for exploring this approach. Kevin and I would like to see SQL capability that is simple and secure. This would be a unique EHR feature.

@rhoyt, in that case – it should be built into LibreHealth EHR itself…as a reporting toolkit – this would be immensely powerful. OpenMRS has this functionality, and we should too.