Community mailing list archives

community@mail.odoo.com

Re: stop odoo using rpc api??

by
redCOR AG, robert rottermann
- 08/01/2016 08:12:45
On 01.08.2016 13:42, Alexandre Fayolle wrote:
> On 01/08/2016 13:09, robert rottermann wrote:> On 01.08.2016 12:37, Dominique Chabord wrote:> 2016-08-01 12:22 GMT+02:00 
> robert rottermann <robert@redcor.ch>:> On > 01.08.2016 12:02, Dominique 
> Chabord wrote: >> hi, >> >> I hope not ;-) >>> > regards > sorry, i might not 
> have been clear enough. > I would like > to be able > to do that. > > 
> otherwise I have to close the running > server using some shell > commands , > 
> which > would be far less > elegant. > > ok, I hope noboby can stop Odoo's 
> saas with an appropriate > request. > There isn't anything elegant in 
> bypassing a server > administration > rules. Odoo daemon should not be allowed 
> to stop itself > on a > reasonably administrated server, nevertheless you may 
> develop a > piece > of code to make it crash (many succeed) , but just an 
> opinion > about > what elegance can be ;-) > agreed, and only being able to 
> stop a server by killing it, strikes me as > utterly inelegant. > > however I 
> would like to learn, why you think having a well define shut down > procedure 
> is bad?
thanks,
> The well defined procedure is running with root priviledge
> "/etc/init.d/odoo stop" (or equivalent if you're using systemd or upstart)
>
> The way this command is implemented (typically sending a SIGINT signal)
> is irrelevant.
agreed
>
> Being able to stop Odoo using XMLRPC may lead to opening a Denial of
> Service vulnerability.
i am sceptical about that.
I have been working with zope/plone for 15 years, and never heard of such a 
vulnerability.
zope does have a stop/restart capability which can be used both from its ui and 
its api.
> And since you probably won't be able to start
> Odoo using XMLRPC (at least not by trying to interact with a stopped
> Odoo instance), you will need to log on the server to restart it,
> leading to an inelegant, asymetric situation.
agreed,
but this could be handled in several ways.

i am running a number odoo instances in docker containers and am looking for a 
way to probe and restart them.
seems, that I only can pull the plug..
robert

>
> -- Alexandre Fayolle Chef de Projet Tel : +33 4 58 48 20 30 Camptocamp France 
> SAS Savoie Technolac, BP 352 73377 Le Bourget du Lac Cedex 
> http://www.camptocamp.com
>
> _______________________________________________
> Mailing-List: https://www.odoo.com/groups/community-59
> Post to: mailto:community@mail.odoo.com
> Unsubscribe: https://www.odoo.com/groups?unsubscribe
>