Odoo Help

Welcome!

This community is for beginners and experts willing to share their Odoo knowledge. It's not a forum to discuss ideas, but a knowledge base of questions and their answers.

1

What are the security risks from community modules?

By
Gilles Lehoux
on 3/29/14, 6:24 PM 675 views

What are the security risks from community modules?

Assuming a testing instance of OpenERP, separate from the production instance, running on a relatively secure OS such as Ubuntu then how much harm could a malicious community module do to the server? Could it delete data? Upgrade access privilege?

When testing a module, what level of isolation is prudent without being paranoid? Level 1: Separate database on the same instance as the production database Level 2: Separate instance from the production instance but on the same server Level 3: Separate OS, such as a virtual machine from the production server.

What about modules with hidden purposes? For example, there are apps on Google play that do what they claim but also hide another purpose such as stealing information.

It is vital that the whole system is protected against any security threats (backdoors, viruses, malicious code and the like; It would be of great importance for OpenErp SA to "reinsure" the whole community as per the vision and the procedures they put in force in force to deliver a safe code (in-house and third parties) for official modules. Community modules should follow the same rules and the authors should a least put a statement that their code is free from threats As far as the production is concerned see http://help.openerp.com/question/43745/how-can-i-know-my-data-is-safe-in-saas/

AD LIBITOM, michel Guénard
on 3/30/14, 7:45 AM

Your Answer

Please try to give a substantial answer. If you wanted to comment on the question or answer, just use the commenting tool. Please remember that you can always revise your answers - no need to answer the same question twice. Also, please don't forget to vote - it really helps to select the best questions and answers!

About This Community

This community is for professionals and enthusiasts of our products and services. Read Guidelines

Question tools

1 follower(s)

Stats

Asked: 3/29/14, 6:24 PM
Seen: 675 times
Last updated: 3/16/15, 8:10 AM