Situation:
* Odoo v12.0 CE with multicompany database.
* Webserver (Apache2 reverse proxy).
Odoo database hosts backend functionality as well as publicly accessible website(s).
Questions:
Does it make sense to implement an authentication scheme at the webserver to increase security if Odoo server also hosts publicly accessible website(s)?
For example by using authentication forwarding (https://github.com/OCA/server-auth/tree/12.0/auth_from_http_remote_user).
In case of a publicly accessible website, Odoo server has many URL endpoints that need to be served without authentication.
What are website related end-points? We see many starting with "/web" which is also start of backend related URLs.
Can we discriminate between backend and website related URLs (e.g with <Location> configuration section containers in Apache conf) or is this not feasible / a bad idea?
Odoo is the world's easiest all-in-one management software.
It includes hundreds of business apps:
- CRM
- e-Commerce
- Accounting
- Inventory
- PoS
- Project management
- MRP
This question has been flagged
1697
Views
Enjoying the discussion? Don't just read, join in!
Create an account today to enjoy exclusive features and engage with our awesome community!
Sign up| Related Posts | Replies | Views | Activity | |
|---|---|---|---|---|
|
0
Dec 24
|
44 | ||
|
0
May 24
|
249 | ||
|
1
Dec 23
|
1086 | ||
|
0
Dec 23
|
309 | ||
|
1
Sep 23
|
4539 |
