Technical mailing list archives


Re: Odoo json-rpc security issue

OpenCrea, Joannes LANDY
- 01/31/2018 06:43:54

You can use an encrypted connection via HTTPS.


Joannes landy

Joannes LANDY
tel: (+33)6 20 38 02 57

2018-01-31 6:30 GMT+01:00 Yaseen Shareef:
Hi guys,

Just noticed that the Odoo json-rpc calls can be made only by passing the dbname, uname and pwd. Well, this is clearly available on inspection if it's from an external web page which, for example, is based in Angular. Isn't this a security risk considering that Odoo is an ERP system? What are the solutions to this problem? I don't see any workaround on the Odoo json-rpc side to this problem, so is there anything that can be done on the external web page which is based in Angular or any other system for this?

Thanks And Regards,
Yaseen Shareef

Odoo Developer/ Consultant
Skype: yaseen.shareef91
