Community mailing list archives

community@mail.odoo.com

Re: Odoo security

by
Martin
- 07/27/2015 08:24:24
Quoting Raphaël Valyi <rvalyi@akretion.com>:
> my personal opinion may not make everybody happy, but I think it's  
> counter productive: I think bundling the ERP and an  
> ecommerce-website inside the same runtime is a dead end.

I agree.

> Any breach (potentially due to a customization, an ERP needs a lot  
> of customizations) can be exploited to hijack all your business  
> data... Breaches are even more likely as an ERP as orders of  
> magnitude more functional attack surface than an e-commerces or a  
> website.

I agree, again.

However, I believe one could solve this problem within the Odoo
ecosystem.

What is needed are two Odoo instances: One with public interface,
e.g. e-commerce/shop, customer ticket system etc. The second
instance would have all data, both public and confidential. And
then one would need a very good two-way synchronisation between
the instances with intelligent filtering.

Cheers