Community mailing list archives

Re: Odoo security

- 07/27/2015 08:24:24
Quoting Raphaël Valyi <>:
> my personal opinion may not make everybody happy, but I think it's  
> counter productive: I think bundling the ERP and an  
> ecommerce-website inside the same runtime is a dead end.

I agree.

> Any breach (potentially due to a customization, an ERP needs a lot  
> of customizations) can be exploited to hijack all your business  
> data... Breaches are even more likely as an ERP as orders of  
> magnitude more functional attack surface than an e-commerces or a  
> website.

I agree, again.

However, I believe one could solve this problem within the Odoo

What is needed are two Odoo instances: One with public interface,
e.g. e-commerce/shop, customer ticket system etc. The second
instance would have all data, both public and confidential. And
then one would need a very good two-way synchronisation between
the instances with intelligent filtering.