What are the security risks from community modules?
Assuming a testing instance of OpenERP, separate from the production instance, running on a relatively secure OS such as Ubuntu, then how much harm could a malicious community module do to the server? Could it delete data? Upgrade access privilege?
When testing a module, what level of isolation is prudent without being paranoid?
Level 1: Separate database on the same instance as the production database
Level 2: Separate instance from the production instance but on the same server
Level 3: Separate OS, such as a virtual machine from the production server.
What about modules with hidden purposes? For example, there are apps on Google Play that do what they claim but also hide another purpose such as stealing information.
|Asked: 3/29/14, 6:24 PM|
|Seen: 675 times|
|Last updated: 3/16/15, 8:10 AM|