How to secure Odoo website with corporate data?
Hello all, new user here.
I am new to Odoo but do have some experience in ERP's, namely a short stint with sap.
As much as I am impressed with so much functionality, I am curious to know how people are integrating Odoo/OpenERP within their corporate landscape - mostly from a security perspective.
The glaring dilemma I am faced with is can I use Odoo's public website functionality and still use it to keep corporate data? In my experience, public websites should always be in DMZ's...and corporate data is always buried deep within the 'safer' recesses of an organization's network. After a cursory introduction to Odoo, I am left with the belief that either:
1) Odoo should be installed in the DMZ...corporate data and all.
2) Odoo is buried in the network, but some restrictive port forwarding rules are put in place to let the public through on port 80/443 for website access.
3) The website functionality is not meant for the public at all, but only for internal/extranet access...maybe through vpns etc.
For instance, consider an ecommerce app with some products for sale - where do I keep track of the inventory and shipping details? Since this information is tied in with companies, contacts, order history, leads, opportunites...it leaves me to believe this data needs to be packaged with the public website...which should be in a DMZ.
Thanks in advance for your responses!