How to change password of Bahmni/OpenMRS (and securing the server)

A lot of users seem to install Bahmni/OpenMRS and don’t change the DEFAULT admin credentials. This is a serious security risk.

If you are an ADMIN of any Bahmni server, that is being used in Production / QA / Public exposed – please change the admin/superman credentials, to reduce your security risk. Also don’t use default DB credentials.

Please read

  1. Change password of Bahmni user: https://bahmni.atlassian.net/wiki/spaces/BAH/pages/114361274/Logging+into+Bahmni

  2. OpenELIS: https://bahmni.atlassian.net/wiki/spaces/BAH/pages/48889888/Lab+Security+and+Access+Control+OpenELIS

  3. In Bahmni Configuration Files: https://bahmni.atlassian.net/wiki/spaces/BAH/pages/53837974/List+Of+Configurable+Installation+Variables

  4. Securing Bahmni Server: https://bahmni.atlassian.net/wiki/spaces/BAH/pages/2342780946/Securing+and+Protecting+the+Bahmni+Server

If you still need help, please post a question on our SLACK channel or on this talk forum. Thanks!

2 Likes

Bumping this up. We came across another PUBLIC instance of Bahmni today, where the default admin credentials were setup. This is very bad!

Please request everyone to ensure that for Bahmni deployments in production/real world to CHANGE ALL DEFAULT CREDENTIALS. Not doing so can put the implementor / hospital in Legal trouble and serious headaches.

This is true for any OpenMRS/Bahmni deployment. Be responsible. Refer to the links attached in this thread on how to make changes.

1 Like

If the Bahmni admin password is changed after the installation then ensure to change the atom feed connect passwords too

for OpenMRS to ODOO sync, change passwords in /opt/bahmni-erp-connect/bahmni-erp-connect/WEB-INF/classes/erp-atomfeed.properties

for openmrs to lab sync, change passwords in /opt/bahmni-lab/bahmni-lab/WEB-INF/classes/atomfeed.properties

1 Like