I'm in a process of evaluating Odoo (8) for a client.
The installation went well but when the time came to provide an access to Odoo to the client testers, I saw the "Manage databases" button under the login box. Is it a mistake or there is a way to remove this from the login page and also prevent a non-admin user from accessing the databases administration page ? It is so unusual that I'm sudenly concern about the security of Odoo (waht about other things that I don't see).
In regards to your questions you can create a module that inherits the login form and simply remove the database dropdown menu as an option. This is a very simple module and I have already implemented this functionality in a website theme module that i'm using in production now.
In regards to restricting access to the /web/database/selector and /web/database/manager pages there are a few options. You could try the following module that redirects from /web/database/manager to the website login for those without access rights to see the /web/database/manager page:
or you could set up Nginx as a reverse proxy in front of Odoo and simply use Nginx rules to restrict access to those pages to certain fixed IP addresses by using the example i've provided in the following forum post:
Feel free to post back if you have any questions.
@Luke: Thanks for the tips. I will try that.
@Ray, @Juan: !!! If I well understand, it's a little bit like a lottery ? It's like saying: "I will give you my bank accounts list. Try to get in now. I'm sure that you won't be able to do anything with it..."
Maybe it's just me, but I think it is against one of the basic rules in security: don't challenge hackers!
Please try to give a substantial answer. If you wanted to comment on the question or answer, just use the commenting tool. Please remember that you can always revise your answers - no need to answer the same question twice. Also, please don't forget to vote - it really helps to select the best questions and answers!
About This Community
|Asked: 11/24/14, 4:51 PM|
|Seen: 3990 times|
|Last updated: 3/16/15, 8:10 AM|