Odoo Help

9
1 Answer
17
Avatar

Emipro Technologies Pvt. Ltd.

--Emipro Technologies Pvt. Ltd.--
7254
| 6 7 8
Rajkot, India
--Emipro Technologies Pvt. Ltd.--

Emipro has been providing a wide range of business solutions in the domain of ERP & eCommerce. We take pride in serving 1000s of contented customers across the globe with strong roots in the US, Europe & India. Being a Certified Odoo Gold Partner in India as well as the United States, we bring our rich professional experience and unrivaled technical competence to help our customers obtain efficient and cost-effective business solutions in Odoo. With our team of 50+ Odoo Experts and highly experienced business analysts, we serve our customers which are companies of all sizes, ranging from start-ups to large enterprises. 

Our ERP Services:

  • Business Need Analysis & GAP Analysis

  • ERP Migration

  • Odoo Consultancy

  • Odoo Implementation & Customization

  • Odoo Training & Support

  • Odoo Website & eCommerce Development

  • Odoo Integration (Marketplaces, eCommerce platforms, Shipping Carriers, Payment Gateways etc.)

Our Achievements:


Reach Us:

Website: www.emiprotechnologies.com

Email: info@emiprotechnologies.com

Skype: emiprotech

Emipro Technologies Pvt. Ltd.
8/28/15, 2:17 AM

From our vast experience on Odoo implementations so far, we suggest following steps to secure your Odoo.

  • Set private ssh key for your Odoo server.

  • Start your Odoo in SSL mode.

  • Install Nginx in your Ubuntu Server.

  • Stop access of all unnecessary ports from firewall of your Ubuntu Server.

  • Set proper data access rights & access rules into your Odoo instance.

  • Set proper authentication method for your PostgreSQL database user.

  • Set tricky password for PostgreSQL user.

  • Apply encryption on Database and Odoo user passwords.

  • Set Tricky password for Super Admin.

  • Request all your ERP users to set difficult password.

  • Give FTP access for your ERP users and don't allow them to create files out of their directory on your Ubuntu Server.

  • Set proper access rights on your custom addons and default Odoo addons via chmod and chown commands.

  • Have a look on /var/log/postgresql/postgresql-9.1-main.log file for malware attack on your database.

  • Manage your Odoo log file properly.

  • Transfer database & custom addons backup to remote place at frequent amount of time.

  • Change and set tricky password for detault postgres user in your database server.

  • Stop xmlrpc if you don't want your ERP to connect from 3rd party systems. ( set xmlrpc=False in your config file )

  • Remove "Manage Database" link from home page of your live Odoo instance. ( it's suggestion only )

  • Ignore installation of Odoo where multiple other websites are hosted.

  • We highly recommend to ignore creation of any kind of demo database in Live Odoo instance. 

  • Ignore to host your Odoo in Web hosting servers, always host Odoo in trusted VPS sites. ( Amazon, Raskspace, DigitalOcen, Myhosting etc..)

  • Monitor Incoming and outgoing TCP/IP traffics in your Ubuntu Server.  Few of our customers for whom we have implemented Odoo for more then 150+ users, they hired their own server administrator to monitor incoming and outgoing TCP/IP traffics. ( Visit this link )

  • Never give full access of your server to your Odoo service providers, always give them folder access of their own custom addons with their separate user. ( It's advisable to not share root user password to anyone. )

  • If customer can afford healthy cost, we always suggest them to set up their own in-house hosting server instead of VPS.

You can direct ask any Odoo related problem to us via a tweet. Tweet us to @EmiproTech 

9 Comments
Yenthe Van Ginneken
8/28/15, 3:24 AM

Very good list and arguments. I'd like to argue about the fact from an in-house hosting server though. Why would that be better than a VPS that usually has a lot of pre-configgured security measures?

Emipro Technologies Pvt. Ltd.
8/28/15, 4:58 AM

Off course VPS is good choice but for highly secured data and in big projects our customers prefers their own server instead of VPS. Another problem we have observed is some cheapest VPS gets shutdown automatically so Odoo automatic processes gets disturbed..

August Doo
8/28/15, 6:22 AM

many thanks for such a good synthesis, voted!

Emipro Technologies Pvt. Ltd.
8/28/15, 6:34 AM

Thanks @August & @Yenthe

Tarek Mohamed Ibrahim
8/28/15, 9:32 AM

I think that this question and answer is eligible to be added to the standard odoo documentation.

Yenthe Van Ginneken
8/28/15, 10:18 AM

The clue is to never go with very cheap VPS'es, they have poor performance and poor uptimes. :) But really a +1 for this great list!

Emipro Technologies Pvt. Ltd.
8/28/15, 10:59 AM

@Yenthe, Please write in a note ( I will sign on that note ) "In near by future Odoo will face 2 mejor issues Server security and Database performance issues & Speed optimization issues." Emipro is very much sincere and we have started our thinking in those direction

Axel Mendoza
8/28/15, 10:32 PM

Very good security list, just add that SFTP is more secured than FTP and you could find scriptable solutions out there or customize your own based on paramiko like I did with https://github.com/aek/solt_sftp

Emipro Technologies Pvt. Ltd.
12/16/15, 5:09 AM

ok

Ask a Question
Writer
Tags
Keep Informed
6 follower(s)
About This Community

This platform is for beginners and experts willing to share their Odoo knowledge. It's not a forum to discuss ideas, but a knowledge base of questions and their answers.

Register
Odoo Training Center

Access to our E-learning platform and experience all Odoo Apps through learning videos, exercises and Quizz.

Test it now