odoo - security aspects

Odoo is the world's easiest all-in-one management software.
It includes hundreds of business apps:

CRM
e-Commerce
Accounting
Inventory
PoS
Project management
MRP

Take the tour

All Posts People Badges

Tags (View all)

odoo v14 accounting v15 odoo16features

About this forum

Help

odoo - security aspects

security internet odoo

1 Reply

3500 Views

MONEO Tomasz Serwanski

Hello,

Not sure if it was discussed before - I am wondering how odoo looks from the point of view of security; considering that there are odoo instances running in public internet (accessible from any place in the world), was there anybody facing problems because of that?

For example, exposing windows to internet is not good idea :) is there anyone who is running odoo available from internet and faced problems (mean odoo running on linux, not windows)? or maybe there is anybody who is running such an instance for lon time, and never faced any problems from internet? To make long story short, I am just looking for an opinion (based on experience, not on 'I think') - is it safe to run odoo with direct internet address/domain? or only safe method is to hide it behind vpn?

regards

Tomasz

Ermin Trevisan

Please respect the forum guidelines and do ask specific questions for specific help. Use the mailing lists for general discussions, where this topic already has been discussed widely by the way.

Steven Segers

I'm running a publicly accessible Odoo instance for years and have never had any security-issues (that I'm aware of). There are in fact thousands of Odoo instances publicly accessible. The whole Odoo cloud for starters. But does that help answer your question? What is your definition of "Safe"?

I know Odoo floated the idea of having an external security audit done some time ago but I don't think that ever materialized. So you have to see it like this: the people that designed the system are pretty smart and aware of how to build a secure system, so it is safe to assume there are no fundamental security flaws in the system. Also they send out notifications of vulnerabilities that get discovered and patched from time to time, so it is something they are actively monitoring.

So without going into "I think" land my conclusion would be that it is "pretty safe", but if you want something super-hardened than this is not it.

MONEO Tomasz Serwanski

Author

this is somehow answer I was looking for; trying to explain my question bit more - there are other software packages like joomla for example; it is also open source, developed by smart people, monitored, but..! there were at least few big vulnerabilities found last years, which leaded to several systems being hacked; root of my question is: are there any known similar cases, when vulnerability found in odoo was not pached quick enough and because of that (or because of other reason) many odoo instances were hacked at same time; considering your answer as based on experience - I believe there is no any known case like joomla one. great :)

obviously if anyone elsa had different experiences - please share

regards

Tomasz

Enjoying the discussion? Don't just read, join in!

Create an account today to enjoy exclusive features and engage with our awesome community!

Related Posts	Replies	Views
How to increase the security of Odoo ? Solved security odoo	2 Sep 23	23926
Security File Issue security odoo	0 Mar 15	3140
[8] How to inherit or delete rule Solved security rules odoo	2 Dec 19	13447
Bruteforce preventing using CSF (Config File Server Firewall) custom regex in the login form. security odoo login security	0 Apr 18	3152
Odoo Qweb Report render securely HTML with allowed Tags security qweb odoo	1 Apr 17	3482

This question has been flagged

Enjoying the discussion? Don't just read, join in!