Community mailing list archives

community@mail.odoo.com

Re: Odoo security

by
Eric Caudal
- 07/27/2015 09:48:27
>What is needed are two Odoo instances: One with public interface,
>e.g. e-commerce/shop, customer ticket system etc. The second
>instance would have all data, both public and confidential. And
>then one would need a very good two-way synchronisation between
>the instances with intelligent filtering.

All the more in situations where the market for the website (eg: Europe) is not same than the one for ERP/Operations (eg: China), with latency over 300 ms.
Anyway this is a choice assumed by Odoo SA for serving simple SaaS implementation. 

In our case, some day we will create a interconnection based on the odoo-connector interface for all those needs :).



On Mon, Jul 27, 2015 at 8:27 PM W. Martin Borgert <debacle@debian.org> wrote:
Quoting Raphaël Valyi <rvalyi@akretion.com
>:
> my personal opinion may not make everybody happy, but I think it's  
> counter productive: I think bundling the ERP and an  
> ecommerce-website inside the same runtime is a dead end.

I agree.

> Any breach (potentially due to a customization, an ERP needs a lot  
> of customizations) can be exploited to hijack all your business  
> data... Breaches are even more likely as an ERP as orders of  
> magnitude more functional attack surface than an e-commerces or a  
> website.

I agree, again.

However, I believe one could solve this problem within the Odoo
ecosystem.

What is needed are two Odoo instances: One with public interface,
e.g. e-commerce/shop, customer ticket system etc. The second
instance would have all data, both public and confidential. And
then one would need a very good two-way synchronisation between
the instances with intelligent filtering.

Cheers

_______________________________________________
Mailing-List: https://www.odoo.com/groups/community-59
Post to: mailto:community@mail.odoo.com
Unsubscribe: https://www.odoo.com/groups?unsubscribe