Community mailing list archives

community@mail.odoo.com

Re: stop odoo using rpc api??

by
Camptocamp France SAS, Alexandre Fayolle - Camptocamp
- 08/01/2016 11:32:47
On 01/08/2016 14:17, robert rottermann wrote:
> I have been working with zope/plone for 15 years, and never heard of such a 
> vulnerability.
> zope does have a stop/restart capability which can be used both from its ui and 
> its api.

Good for Zope / Plone then. As other have answered, it is trivial to
implement this if your Odoo instance has not changed the user id (e.g.
from root to another user, because you can implement whatever you want
in a small extension providing a controller or a button callback). We
are just kindly reminding you that such a feature is an easy way to
shoot yourself in the foot (and that having the password for user admin
in one instance is not enough to claim the priviledge to shut down all
the instances ran by a given Odoo server, you should at least validate
the master password if you're going to implement this).

Do you also intend to shutdown your PostgreSQL
server docker instance using a SQL command ? 

-- 
Alexandre Fayolle
Chef de Projet
Tel : +33 4 58 48 20 30

Camptocamp France SAS
Savoie Technolac, BP 352
73377 Le Bourget du Lac Cedex
http://www.camptocamp.com