by brady_m 3379 days ago
Agree that security is an important topic.

Note there has not been a default password for about 5 years, and will update the FAQ.

Regarding the other FAQ links you posted, what specific security issues are there with those?

To get an idea of OpenEMR's security, recommend checking out the following section on the wiki (1 of those links has several 3rd party security audits): http://www.open-emr.org/wiki/index.php/OpenEMR_Wiki_Home_Pag...

1 comment

It shows the use of ImageMagick, a legendarily buggy and insecure application and library. It shows the use of system crypt() for password hashes, which isn't really very secure since (afaik) it doesn't support pbkdf2 on most systems or bcrypt (not the blowfish one) or scrypt. It shows hardcoding database credentials in a flat file. And it shows it uses PHP, which has its own security problems as well as being well known as a language used by people not aware of secure coding practices.