Community mailing list archives

community@mail.odoo.com

Re: Encrypcion

by
Cristian Salamea
- 09/03/2014 01:51:02



On Wed, Sep 3, 2014 at 12:43 AM, Hans Yonathan <hans.yonathan@falinwa.com> wrote:

Hi,

 

If your problem is you don’t want to store a raw value of password in database,

you can just install module “Password Encryption”.

When you installed it, Odoo will encrypted the password first before store it to database.


Its a bad practice, in fact recently Olivier, fix[1] a big bug in 7.0 encypt password after install encryption module.

[1] https://github.com/odoo/odoo/commit/f29ff5ef70fdf5035bee05ddb9e2bea33454fa0b

 

Another things to configure the security is depends when you configure your server and connection.

 

I think its good enough security for SME Company.

 

Thank You.

 

Best Regards,

Hans Yonathan

OpenERP Support

FALINWA Limited

Expert in Finance & Business Intelligence

OpenERP Partner

Website: www.falinwa.com

 

From: David Arnold [mailto:dar@devco.co]
Sent: Wednesday, September 03, 2014 1:31 PM
To: Community
Subject: Re: Encrypcion

 

Thank you all, for you input and especially wallenquist for the yubikey idea.

 

Although it is probably true what Christan (ovnicraft) said, that Odoo is just not strong enough in security, a big (not extremely big, but big) arguement is user perception.

I think we are going to investigate more on the yubikey option in our futur works.

 

@Anders & Ovnicraft: Have you thought about writing a blog about Odoo security to share you knowlege and experience? - Just an idea to drop :)

 

Thanks again!


Saludos Cordiales

David Arnold

<img border=0 width=96 height=20 id="_x0000_i1025" src="cid:image001.jpg@01CFC77C.4021E8F0" alt="Image removed by sender.">

David Arnold BA HSG / Analista
315 304 13 68/ dar@devco.co

devCO - empresa de consultoría de sistemas (en fundación)
http://www.devco.co

This e-mail message may contain confidential or legally privileged information and is intended only for the use of the intended recipient(s). Any unauthorized disclosure, dissemination, distribution, copying or the taking of any action in reliance on the information herein is prohibited. E-mails are not secure and cannot be guaranteed to be error free as they can be intercepted, amended, or contain viruses. Anyone who communicates with us by e-mail is deemed to have accepted these risks. devCO is not responsible for errors or omissions in this message and denies any responsibility for any damage arising from the use of e-mail. Any opinion and other statement contained in this message and any attachment are solely those of the author and do not necessarily represent those of the company.

 

2014-08-25 2:08 GMT-05:00 Ovnicraft <ovnicraft@gmail.com>:

 

 

On Sat, Aug 23, 2014 at 3:49 PM, <david@elaleman.co> wrote:

Hi

 

I wanted to ask if I can be confident about Data Security in Odoo?

 

Passwords by default are plain text in odoo, security is not matter on odoo (sorry for this odooers).

 

What are the available methods to protect the data?

 

What advanced mechanisms of encryption/protection are available in a networked environment with remote sites?

 

Thank you in advance for your Input. I'll try to set up a reference pad from your Feedback for further usage.

 

Regards, David



--

Image removed by sender. El Alemán S.A.S

David Arnold BA HSG / Gerente
315 304 13 68/ david²elaleman.co

El Alemán S.A.S Office: +57 (1) 651 3766 / Fax: +57 (1) 651 3772 
CRA 13 93 40 P4, Bogotá, Colombia
http://www.elaleman.co

Image removed by sender. Facebook

This e-mail message may contain confidential or legally privileged information and is intended only for the use of the intended recipient(s). Any unauthorized disclosure, dissemination, distribution, copying or the taking of any action in reliance on the information herein is prohibited. E-mails are not secure and cannot be guaranteed to be error free as they can be intercepted, amended, or contain viruses. Anyone who communicates with us by e-mail is deemed to have accepted these risks. El Aleman S.A.S is not responsible for errors or omissions in this message and denies any responsibility for any damage arising from the use of e-mail. Any opinion and other statement contained in this message and any attachment are solely those of the author and do not necessarily represent those of the company.

 

_______________________________________________
Mailing-List: https://www.odoo.com/groups/community-59
Post to: mailto:community@mail.odoo.com
Unsubscribe: https://www.odoo.com/groups?unsubscribe




--

 

<img border=0 width=105 height=70 id="_x0000_i1028" src="cid:image002.jpg@01CFC77C.4021E8F0" alt="Image removed by sender. Cristian Salamea on about.me">

 

Cristian Salamea

 

_______________________________________________

 

_______________________________________________
Mailing-List: https://www.odoo.com/groups/community-59
Post to: mailto:community@mail.odoo.com
Unsubscribe: https://www.odoo.com/groups?unsubscribe

_______________________________________________
Mailing-List: https://www.odoo.com/groups/community-59
Post to: mailto:community@mail.odoo.com
Unsubscribe: https://www.odoo.com/groups?unsubscribe




--
 
Cristian Salamea on about.me
 
Cristian Salamea
about.me/ovnicraft