Odoo Help


What are the security risks from community modules?

Gilles Lehoux
on 3/29/14, 6:24 PM 1,071 views

What are the security risks from community modules?

Assuming a testing instance of OpenERP, separate from the production instance, running on a relatively secure OS such as Ubuntu then how much harm could a malicious community module do to the server? Could it delete data? Upgrade access privilege?

When testing a module, what level of isolation is prudent without being paranoid? Level 1: Separate database on the same instance as the production database Level 2: Separate instance from the production instance but on the same server Level 3: Separate OS, such as a virtual machine from the production server.

What about modules with hidden purposes? For example, there are apps on Google play that do what they claim but also hide another purpose such as stealing information.

It is vital that the whole system is protected against any security threats (backdoors, viruses, malicious code and the like; It would be of great importance for OpenErp SA to "reinsure" the whole community as per the vision and the procedures they put in force in force to deliver a safe code (in-house and third parties) for official modules. Community modules should follow the same rules and the authors should a least put a statement that their code is free from threats As far as the production is concerned see http://help.openerp.com/question/43745/how-can-i-know-my-data-is-safe-in-saas/

AD LIBITOM, michel Guénard
on 3/30/14, 7:45 AM

About This Community

This platform is for beginners and experts willing to share their Odoo knowledge. It's not a forum to discuss ideas, but a knowledge base of questions and their answers.


Odoo Training Center

Access to our E-learning platform and experience all Odoo Apps through learning videos, exercises and Quizz.

Test it now

Question tools

1 follower(s)


Asked: 3/29/14, 6:24 PM
Seen: 1071 times
Last updated: 3/16/15, 8:10 AM