Community mailing list archives


Andi Becker
- 11/12/2015 07:45:42
as an addition to what I already wrote above as possible solutions for those who will find that thread because they have similar problems.

If you are running your odoo site over an apache 2 proxy you could block the call to sites which link back to give the site a bit more of security.

add into your vhost settings of your domain the following:

<Location "/web/database/manager" >
Order deny,allow
Deny from all
Allow from ::1/128
<Location "/website/info" >
Order deny,allow
Deny from all
Allow from ::1/128

you need to change the localhost URL if necessary and youe odoo webserver should respond only to requests from localhost.

lists all the modules you have installed in a site. It might be good to deactivate that as it could give attackers hints to where they best attack. And it has absolutely no value for the developers of those modulesat least they work at odoo itself. The Apps Listed here are linked to the website.  

@Dave Thanks for reminding me:

Although you may have brought up a valid point, it wasn't the best way to put forward this issue.

Mea culpa if I stepped on the feet of others but I guess as meanwhile others verified that there seems to be a problem with privacy and sending data, it would be time to clarify what is actually going here before an external journalist makes the discovery we all for sure don't want to here as we are earning our living with those projects to. 

Better make it clear right now so that everyone knows what data gets send to where and why this data gets collected and than we can tell this to our customers and play open and fair game with them and it is good for us all to play with open and not with hidden cards!

I know that there are still places in the world where you have more or less no privacy laws or rights but especially the EU is very concerned about that matter and I guess lots of projects are done exactly there, even the developer himself is living and working from a far away remote location or even from a beautiful island like me and enjoy your odoo's 7 8 and 9. No Woodoo with Odoo ;-)

Have a nice evening!

With kind regards,
Mit freundlichen Grüßen,
Con un cordial saludo,
с сердечным приветом,