Community mailing list archives

community@mail.odoo.com

Re: stop odoo using rpc api??

by
Camptocamp France SAS, Alexandre Fayolle - Camptocamp
- 08/01/2016 07:42:06
On 01/08/2016 13:09, robert rottermann wrote:
> On 01.08.2016 12:37, Dominique Chabord wrote:> 2016-08-01 12:22 GMT+02:00 robert rottermann <robert@redcor.ch>:> On
> 01.08.2016 12:02, Dominique Chabord wrote: >> hi, >> >> I hope not ;-)
>>> > regards > sorry, i might not have been clear enough. > I would like
> to be able > to do that. > > otherwise I have to close the running
> server using some shell > commands , > which > would be far less
> elegant. > > ok, I hope noboby can stop Odoo's saas with an appropriate
> request. > There isn't anything elegant in bypassing a server
> administration > rules. Odoo daemon should not be allowed to stop itself
> on a > reasonably administrated server, nevertheless you may develop a
> piece > of code to make it crash (many succeed) , but just an opinion
> about > what elegance can be ;-)
> agreed, and only being able to stop a server by killing it, strikes me as 
> utterly inelegant.
> 
> however I would like to learn, why you think having a well define shut down 
> procedure is bad?

The well defined procedure is running with root priviledge
"/etc/init.d/odoo stop" (or equivalent if you're using systemd or upstart)

The way this command is implemented (typically sending a SIGINT signal)
is irrelevant.

Being able to stop Odoo using XMLRPC may lead to opening a Denial of
Service vulnerability. And since you probably won't be able to start
Odoo using XMLRPC (at least not by trying to interact with a stopped
Odoo instance), you will need to log on the server to restart it,
leading to an inelegant, asymetric situation.


-- 
Alexandre Fayolle
Chef de Projet
Tel : +33 4 58 48 20 30

Camptocamp France SAS
Savoie Technolac, BP 352
73377 Le Bourget du Lac Cedex
http://www.camptocamp.com