Odoo Help

Welcome!

This community is for beginners and experts willing to share their Odoo knowledge. It's not a forum to discuss ideas, but a knowledge base of questions and their answers.

1

Prevent users from exporting passwords in v7?

By
Sean Samborski
on 12/12/14, 4:58 PM 686 views

Any user with access rights to the user list can export every single password in the system. For one, storing plain text passwords in any form is poor security and having anyone with access to all users' paswords is also poor security. You can't allow a user to create other users but ensure they can't steal everyone's passwords.

 

Is there any way to prevent users having access to other people's passwords even if they have the rights to create users. Example, you have an HR user that can create users but we don't want them to have access to the CEO's password. I'm sure all the executives at any company would agree.

1

Ivan

--Ivan--
3210
| 5 3 6
Jakarta, Indonesia
--Ivan--
Ivan
On 12/15/14, 2:45 AM

The auth_crypt that Fabrice had suggested will encrypt the password so that it is not stored in clear text.  However, I think it is still a better idea to prevent exporting password all-together (anyway, who want to export password without any malice objective in the first place).  A list of enrypted passwords will make it easier for attacker to reverse engineer the hash algorithm.  I'd recommend inheriting the export_data method in the res.users and remove password field from the fields_to_export.
 

1

Fabrice Henrion (fhe)

--Fabrice Henrion (fhe)--
5813
| 7 7 8
San Francisco, United States
--Fabrice Henrion (fhe)--

Director Odoo USA

Fabrice Henrion (fhe)
On 12/12/14, 9:30 PM

Your Answer

Please try to give a substantial answer. If you wanted to comment on the question or answer, just use the commenting tool. Please remember that you can always revise your answers - no need to answer the same question twice. Also, please don't forget to vote - it really helps to select the best questions and answers!

About This Community

This community is for professionals and enthusiasts of our products and services. Read Guidelines

Question tools

1 follower(s)

Stats

Asked: 12/12/14, 4:58 PM
Seen: 686 times
Last updated: 3/16/15, 8:10 AM