Authentication at webserver in case of Odoo database hosting publicly accessible website(s) as well as backend

Odoo is the world's easiest all-in-one management software.
It includes hundreds of business apps:

CRM
e-Commerce
Akuntansi
Inventaris
PoS
Project
MRP

All apps

Semua Post Orang Lencana-Lencana

Label (Lihat semua)

odoo accounting v14 pos v15

Mengenai forum ini

Help

Authentication at webserver in case of Odoo database hosting publicly accessible website(s) as well as backend

security authentication

2337 Tampilan

Gerald van Beuningen

Situation:
* Odoo v12.0 CE with multicompany database.
* Webserver (Apache2 reverse proxy).
Odoo database hosts backend functionality as well as publicly accessible website(s).
Questions:
Does it make sense to implement an authentication scheme at the webserver to increase security if Odoo server also hosts publicly accessible website(s)?
For example by using authentication forwarding (https://github.com/OCA/server-auth/tree/12.0/auth_from_http_remote_user).
In case of a publicly accessible website, Odoo server has many URL endpoints that need to be served without authentication.
What are website related end-points? We see many starting with "/web" which is also start of backend related URLs.
Can we discriminate between backend and website related URLs (e.g with <Location> configuration section containers in Apache conf) or is this not feasible / a bad idea?

Menikmati diskusi? Jangan hanya membaca, ikuti!

Buat akun sekarang untuk menikmati fitur eksklufi dan agar terlibat dengan komunitas kami!

Daftar

Post Terkait	Replies	Tampilan
User Session Bug. security	0 Jun 25	314
How to resolve the Access Error issue? security	0 Jan 25	1415
Lock/unlock feature in Transfers security	0 Jan 25	1458
User Access Restriction by IP in Odoo Diselesaikan security	1 Des 24	1918
Security header at Odoo With Domain security	0 Mei 24	1509

Pertanyaan ini telah diberikan tanda

Menikmati diskusi? Jangan hanya membaca, ikuti!