Community mailing list archives

Re: Encryption

by Anders Wallenquist <> - 08/24/2014 18:32:22
On 2014-08-24 22:59, wrote:

> If you want encryption on transport, SSL is a good idea. There are two variants to run an SSL socket.
> * The simple one is with a server certificate. There is only authentication of the server.
> * The second is with client certificates. There each person gets a certificate (software or on a secure card) and can so establish the connection. This is more secure but makes a lot of work to manage the certificate infrastructure.
>
> An SSL connection over SSH is a bad idea. It works but it has a lot of latency because of the TCP resyncs.
> If you want an additional secure layer, use a VPN, but don't use it instead of SSL. End-to-end encryption is the best solution.

You don't combine SSH and SSL. SSH is a good solution if you don't want to expose any Odoo services to the world but a single SSH tunnel.

SSL has good encryption (except for the Heartbleed bug recently); you can buy a third-party certificate check (protection against man-in-the-middle attacks), or create a self-signed certificate for free. SSL is typically used for secure public services and SSH for very secure internal company-wide systems.

In an SSH-tunnel-based solution you expose the Odoo server and Postgres database only to localhost and to users that have opened an SSH tunnel to the server. The benefit of this solution compared to SSL is that you don't need to know if there are any security breaks in the Odoo server or PostgreSQL. You can install less secure services such as phpPgAdmin and similar without compromising security. If your users use Linux clients, SSH is already integrated in the system; with Ubuntu I can recommend gSTM as a GUI to administrate/start/stop SSH tunnels. Windows users have to install a program like PuTTY.

If you don't need the extra security brought by SSH, SSL encryption with a third-party certificate is a smooth solution. You have to proxy port 443 to 8069 using Apache or Varnish. If you use self-signed certificates, users will have to answer a question about loading the certificate and force it to continue the first time they enter the service. You can buy SSL certificates from Verisign, StartSSL and other vendors.

As an addition to encrypted transport to the Odoo service, you can use one-time passwords using secure login hardware. One solution we have very good experience of is YubiKey. This is a little dongle for your keychain that makes your system as secure as an Internet bank. Older versions of Odoo have a login module for YubiKey, but not for 8. We have a patched version not yet published for 7 and hopefully soon for 8.

> If you want encryption of the system you can use disk encryption (I recommend LUKS), but that does not have real performance on bigger systems.
> And don't forget the encryption of the backups...

LUKS is a good solution if you want an encrypted system, for example as a virtual machine that you start just when you use it (i.e. a local VirtualBox or KVM). It does not make sense for a public server or VPS with an uptime. LUKS does not protect you as soon as the server is started. An easy way to create a VirtualBox machine with LUKS is to install Ubuntu server and choose disk encryption. This is used for single-user systems in a very secure environment without any Internet connection at all.

To sum it up:

Use SSL or SSH to encrypt transport. SSL with a third-party certificate for public services, SSL with a self-signed certificate for internal use. You combine SSL with an Apache/Varnish proxy. Use an SSH tunnel if you are paranoid and want a very secure system without being dependent on Odoo or Postgres security.

Install the auth_crypt module to encrypt the stored passwords, or better use one-time passwords with YubiKey or OAuth/OpenID. If you still use plain old passwords, use only one per service and use a generator/encrypted storage for them: KeePass or Revelation. A password with good entropy has [a-z][A-Z][0-9][!-}] with a minimum of 15 characters.

A completely different approach is a single-user system that you start only when you need it, as a virtual machine. This machine would not have any connections with the Internet or other networks and would use disk encryption. You need neither SSL nor SSH, but you need to trust your underlying system (I would not use Windows or Mac), check for keyloggers and use hardware with a low radiance footprint. A truly paranoid approach.

> On 24.08.2014 18:34, David Arnold wrote:
> > Hi Anders
> >
> > thanks for your answer! If we want to go even further, are there recommendations?
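As an added example (not code from this mail, from Anders, or from the Odoo project) of the SSH-tunnel setup Anders describes: a small shell script that prints the ssh command forwarding the Odoo port (8069, as in the mail) and the Postgres port (5432, the default; an assumption, the mail names no port) to the client's loopback, and a check over `ss -ltn` output that reports either service bound to a non-loopback address, which would make the tunnel pointless. The host odoo@erp.example.com and the `ss` output are constructed for the example.

```bash
#!/bin/sh
# Added example, not code from the mail or from Odoo: one SSH tunnel that
# forwards the Odoo web port (8069, as in the mail) and the Postgres port
# (5432, the default; an assumption) to the client's loopback, plus a check
# that the server side listens on loopback only.

# Print the ssh command that opens the tunnel.  -N: no remote shell, just
# forwarding.  ExitOnForwardFailure: fail loudly instead of silently leaving
# a tunnel with a port that could not be bound.  Binding the local side to
# 127.0.0.1 keeps other hosts on the client's LAN from riding the tunnel.
# $1 is user@host of the Odoo server (assumed name in the usage below).
tunnel_cmd() {
    printf 'ssh -N -o ExitOnForwardFailure=yes -L 127.0.0.1:8069:127.0.0.1:8069 -L 127.0.0.1:5432:127.0.0.1:5432 %s\n' "$1"
}

# Read `ss -ltn` (or `netstat -ltn`) output on stdin and print every
# Odoo/Postgres listener bound to something other than loopback.
# Exit status 0 = only loopback, 1 = at least one port is exposed.
exposed_ports() {
    awk '
        NR > 1 {
            n = split($4, part, ":")
            port = part[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            if ((port == "8069" || port == "5432") &&
                addr != "127.0.0.1" && addr != "[::1]" && addr != "::1") {
                print port " on " addr
                bad = 1
            }
        }
        END { exit (bad ? 1 : 0) }'
}

# Constructed sample of `ss -ltn` output (not captured from a real host):
# Postgres is loopback-only, Odoo is bound to every interface.
SAMPLE_EXPOSED='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:5432     0.0.0.0:*
LISTEN 0      128    0.0.0.0:8069       0.0.0.0:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

# Constructed sample where both services are bound to loopback only.
SAMPLE_OK='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    127.0.0.1:8069     0.0.0.0:*
LISTEN 0      128    [::1]:5432         [::]:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

# Usage: on the client, run the printed command (odoo@erp.example.com is an
# assumed name); on the server, pipe the real `ss -ltn` into exposed_ports.
tunnel_cmd odoo@erp.example.com
if printf '%s\n' "$SAMPLE_EXPOSED" | exposed_ports; then
    echo "server: Odoo and Postgres listen on loopback only"
else
    echo "server: the ports above are reachable without the tunnel"
fi
```

On a real server the check is `ss -ltn | exposed_ports` after sourcing the script; a non-zero exit means the Odoo or Postgres listener still has to be moved to 127.0.0.1 (Odoo's `xmlrpc_interface`/`netrpc_interface` settings and Postgres's `listen_addresses`, respectively) before relying on the tunnel.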

