Any user with access rights to the user list can export every single password in the system. For one, storing plain text passwords in any form is poor security and having anyone with access to all users' paswords is also poor security. You can't allow a user to create other users but ensure they can't steal everyone's passwords.
Is there any way to prevent users having access to other people's passwords even if they have the rights to create users. Example, you have an HR user that can create users but we don't want them to have access to the CEO's password. I'm sure all the executives at any company would agree.
The auth_crypt that Fabrice had suggested will encrypt the password so that it is not stored in clear text. However, I think it is still a better idea to prevent exporting password all-together (anyway, who want to export password without any malice objective in the first place). A list of enrypted passwords will make it easier for attacker to reverse engineer the hash algorithm. I'd recommend inheriting the export_data method in the res.users and remove password field from the fields_to_export.
Please try to give a substantial answer. If you wanted to comment on the question or answer, just use the commenting tool. Please remember that you can always revise your answers - no need to answer the same question twice. Also, please don't forget to vote - it really helps to select the best questions and answers!
About This Community
|Asked: 12/12/14, 4:58 PM|
|Seen: 647 times|
|Last updated: 3/16/15, 8:10 AM|