Technical mailing list archives

technical@mail.odoo.com

Odoo json-rpc security issue

by yasin - 01/31/2018 00:26:15
Hi guys,

Just noticed that the Odoo JSON-RPC calls can be made only by passing the dbname, uname and pwd. Well, this is clearly available on inspection if it's from an external web page which, for example, is based on Angular. Isn't this a security risk, considering that Odoo is an ERP system? What are the solutions to this problem? I don't see any workaround on the Odoo JSON-RPC side to this problem, so is there anything that can be done on the external web page, which is based on Angular or any other system, for this?

Thanks And Regards,
Yaseen Shareef

Odoo Developer/ Consultant
mayashkhan@gmail.com
Skype: yaseen.shareef91
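
The post asks what can be done on the external web page's side. One common arrangement, shown here as an added example that is not part of the original post or of Odoo's code, is to have the Angular page call a small server-side proxy that holds the Odoo credentials and builds the JSON-RPC body itself. The allowlist, the environment variable names and the sample values are assumptions constructed for illustration.

```javascript
// Server-side helper: the browser never sees or supplies db, uid or password.
// ALLOWED and the ODOO_* variable names are hypothetical, chosen for this example.
const ALLOWED = {
  "res.partner": new Set(["search_read"]),
  "sale.order": new Set(["search_read", "read"]),
};

// Load the Odoo service account from the server's environment.
function loadCreds(env) {
  const { ODOO_DB, ODOO_UID, ODOO_PASSWORD } = env;
  if (!ODOO_DB || !ODOO_UID || !ODOO_PASSWORD) {
    throw new Error("Odoo credentials not configured");
  }
  return { db: ODOO_DB, uid: Number(ODOO_UID), password: ODOO_PASSWORD };
}

// Turn a browser request {model, method, args, kwargs} into the body posted to
// Odoo's /jsonrpc endpoint. Any other field the browser sent is ignored.
function buildOdooCall(browserReq, creds, id = 1) {
  const { model, method, args = [], kwargs = {} } = browserReq || {};
  if (typeof model !== "string" || typeof method !== "string") {
    throw new Error("model and method are required");
  }
  // Own-property lookup so names like "__proto__" cannot match the allowlist.
  const own = Object.prototype.hasOwnProperty.call(ALLOWED, model);
  if (!own || !ALLOWED[model].has(method)) {
    throw new Error(`not allowed: ${model}.${method}`);
  }
  if (!Array.isArray(args)) throw new Error("args must be an array");
  return {
    jsonrpc: "2.0",
    method: "call",
    id,
    params: {
      service: "object",
      method: "execute_kw",
      args: [creds.db, creds.uid, creds.password, model, method, args, kwargs],
    },
  };
}

// What goes back to the browser: Odoo's result or a generic error, never the
// upstream request or error details.
function toBrowserResponse(odooReply) {
  if (odooReply && odooReply.error) return { ok: false, error: "upstream error" };
  return { ok: true, result: odooReply ? odooReply.result : null };
}
```

The proxy still has to authenticate its own users (for example with a session cookie) before calling `buildOdooCall`, and that check belongs in front of it.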