Can I make sure there are no back doors?

Gilles Lehoux

If I provide a computer to an OpenERP consultant and ask him to install Linux (ex Ubuntu) and OpenERP, then, when the computer comes back, is there a way to make sure that he has not included any back doors in either Linux or OpenERP? The server would be accessible from outside the office, maybe through a VPN, also smartphones.

A back door is a way to bypass the systems that restrict access. The simplest back door is to create an extra user. Someone can then use that login. I guess looking at the user list would insure against this.

2 回答
Best Answer

You can never be 100% Positive. To be 99.9% confident there are no back doors:

  1. Hire somebody trustworthy to install your system.
  2. Setup a system to log all the IP addresses that access your system, review these logs for irregular activity.
  3. Check your operating system and openERP installation for users you do not recognize.
  4. Install the OS and openERP yourself, have the consultant ship you the custom modules with installation instructions.

Point 4 is really paranoid, i don't think you need to go that far if you have a trustworthy consultant.

With any computer system backdoors can always be put in, the Stuxnet virus was enabled by Siemens hard coding a hidden administrator account that didn't show up in the software, that hardware was in use at hundreds of sites.

Best Answer

If you are asking this question you should install linux and openerp on yourself.

you can check my answer on how to install openerp on ubuntu