Odoo is the world's easiest all-in-one management software. It includes hundreds of business apps:
CRM | e-Commerce | Accounting | Inventory | PoS | Project management | MRP | etc.
What are the security risks from community modules?
Assuming a testing instance of OpenERP, separate from the production instance, running on a relatively secure OS such as Ubuntu then how much harm could a malicious community module do to the server? Could it delete data? Upgrade access privilege?
When testing a module, what level of isolation is prudent without being paranoid? Level 1: Separate database on the same instance as the production database Level 2: Separate instance from the production instance but on the same server Level 3: Separate OS, such as a virtual machine from the production server.
What about modules with hidden purposes? For example, there are apps on Google play that do what they claim but also hide another purpose such as stealing information.
Please try to give a substantial answer. If you wanted to comment on the question or answer, just use the commenting tool. Please remember that you can always revise your answers - no need to answer the same question twice. Also, please don't forget to vote - it really helps to select the best questions and answers!
About This Community
This platform is for beginners and experts willing to share their Odoo knowledge. It's not a forum to discuss ideas, but a knowledge base of questions and their answers.Register
Odoo Training Center
Access to our E-learning platform and experience all Odoo Apps through learning videos, exercises and Quizz.Test it now
|Asked: 3/29/14, 6:24 PM|
|Seen: 738 times|
|Last updated: 3/16/15, 8:10 AM|