If I provide a computer to an OpenERP consultant and ask him to install Linux (ex Ubuntu) and OpenERP, then, when the computer comes back, is there a way to make sure that he has not included any back doors in either Linux or OpenERP? The server would be accessible from outside the office, maybe through a VPN, also smartphones.
A back door is a way to bypass the systems that restrict access. The simplest back door is to create an extra user. Someone can then use that login. I guess looking at the user list would insure against this.
You can never be 100% Positive. To be 99.9% confident there are no back doors:
- Hire somebody trustworthy to install your system.
- Setup a system to log all the IP addresses that access your system, review these logs for irregular activity.
- Check your operating system and openERP installation for users you do not recognize.
- Install the OS and openERP yourself, have the consultant ship you the custom modules with installation instructions.
Point 4 is really paranoid, i don't think you need to go that far if you have a trustworthy consultant.
With any computer system backdoors can always be put in, the Stuxnet virus was enabled by Siemens hard coding a hidden administrator account that didn't show up in the software, that hardware was in use at hundreds of sites.
If you are asking this question you should install linux and openerp on yourself.
you can check my answer on how to install openerp on ubuntu https://accounts.openerp.com/forum/Help-1/question/2562
Please try to give a substantial answer. If you wanted to comment on the question or answer, just use the commenting tool. Please remember that you can always revise your answers - no need to answer the same question twice. Also, please don't forget to vote - it really helps to select the best questions and answers!
About This Community
|Asked: 3/6/13, 6:55 PM|
|Seen: 1487 times|
|Last updated: 3/16/15, 8:10 AM|