Community mailing list archives

Re: Odoo security

Akretion, Raphael Valyi
- 07/27/2015 13:47:54
On Mon, Jul 27, 2015 at 9:28 AM, W. Martin Borgert <> wrote:
I agree, again.

However, I believe one could solve this problem within the Odoo

Well, sorry but I think it would suck:
  • you would still reinvent a web framework. I think the recent 180° business model changes or totally volatile price/services are a good proof we are very far from an open source steady state and assuming the perfusion will keep going is really risky IMHO. history taught us even the Java titanic eco-system exploded and it was quite better architectured/funded...
  • if you share the same database, then you'll probably need to have the same modules installed in the front-end and in the back-end. Meaning you'll have to somewhat expose the potential ERP security breaches to the website too or spend tremendous efforts filtering data with potential risk of errors.
  • if you don't have the same database, then it means you duplicate data and then you fall into the pitfalls of SQL integrity of traditional connector approaches. A problem you mostly don't have when you take a NoSQL approach for the data replication like we do at Akretio (but by using Rails and things like sunspot/rsolr, unlike Odoo our web-framework is ready for the NoSQL data using the exact same standard ActiveRecord API).
 Well just my 2 cts.

Raphaël Valyi
Founder and consultant
+55 21 3942-2434