Skip to Content
Menú
This question has been flagged
2 Respostes
9441 Vistes

Are passwords now encrypted by default in version 7?

I have read many places that a mod needs to be installed for the passwords to be encrypted but they were for version 6.

If I need to install a mod, what is it called? I have only found "Password Encryption" but I think that is for email only?

Please advise, I am very new to OpenERP and want to make it secure.

Avatar
Descartar
Best Answer

Please, search before post new answer. This is a common question: https://accounts.openerp.com/forum/Help-1/question/6545

Avatar
Descartar
Best Answer

Just checked with my 7.0 installation and the passwords are not encrypted. However, I wonder what security problem you are worried about? Encrypted passwords in the database only mean that somebody who connects directly to your db, or who gets access to a database dump can't see the user passwords (which is of course a good thing in itself). Access to the database and its dumps should be restricted as there is far more than just user passwords that is potentially sensitive information in an ERP. Password encryption does not increase the security of the application in any way.

If you are worried about the general security of OpenERP that are other more important things to be concerned about, such only allowing connections to your OpenERP server using SSL.

Avatar
Descartar

For one thing, it means that if a server is compromised as you described, if users have used the same passwords elsewhere, their accounts everywhere else haven't been compromised too...

Related Posts Respostes Vistes Activitat
2
de febr. 21
17263
2
de març 15
3662
1
d’abr. 24
26465
0
de des. 24
9443
0
de maig 25
1506