Odoo Help


Are the Odoo developers promoting insecure by default in their coding practices?

Timo Goosen
on 8/27/14, 5:06 AM 2,076 views

Someone filed an issue on github https://github.com/odoo/odoo/issues/1975

which showed that the passwords in Odoo and OpenERP for that matter are not being hashed:


"Password hashing is one of the most basic security considerations that must be made when designing any application that accepts passwords from users. Without hashing, any passwords that are stored in your application's database can be stolen if the database is compromised, and then immediately used to compromise not only your application, but also the accounts of your users on other services, if they do not use unique passwords."

More motivation: http://security.blogoverflow.com/2011/11/why-passwords-should-be-hashed/

Just for those who don't know the difference between hashing and encrypting passwords:

Besides hasing passwords I also think a salt should be added.

Odoo is supposed to be used by businesses.  If this is the kind of security that the Odoo developers
are encouraging then they deserve to be dragged to the stake and burned, since they don't seem to care about the security of the businesses
that are going to be using their software.



Ben Bernard

--Ben Bernard--

| 4 3 6
Jakarta, Indonesia
--Ben Bernard--
Ben Bernard
On 8/27/14, 5:31 AM

Yes, by default the password is not encrypted. To store password in encrypted text use auth_crypt (or base_crypt for later version). The best practice here is to use the module in production.

But, I agree that by default it should be secure.

Timo Goosen
On 8/27/14, 5:39 AM

"The best practice here is to use the module in production."

I can't say that I've seen anyone make this reccomendation in the official documentation.


Most people aren't aware that they should be using this. This should be installed by default or just be part of the base install by default. Security should not be an "optional" thing.


Yes, I agree with you. That is just my opinion.

Ben Bernard
on 8/27/14, 5:45 AM

About This Community

This platform is for beginners and experts willing to share their Odoo knowledge. It's not a forum to discuss ideas, but a knowledge base of questions and their answers.


Odoo Training Center

Access to our E-learning platform and experience all Odoo Apps through learning videos, exercises and Quizz.

Test it now

Question tools

2 follower(s)


Asked: 8/27/14, 5:06 AM
Seen: 2076 times
Last updated: 3/16/15, 8:10 AM