Situation:
* Odoo v12.0 CE with multicompany database.
* Webserver (Apache2 reverse proxy).
Odoo database hosts backend functionality as well as publicly accessible website(s).
Questions:
Does it make sense to implement an authentication scheme at the webserver to increase security if Odoo server also hosts publicly accessible website(s)?
For example by using authentication forwarding (https://github.com/OCA/server-auth/tree/12.0/auth_from_http_remote_user).
In case of a publicly accessible website, Odoo server has many URL endpoints that need to be served without authentication.
What are website related end-points? We see many starting with "/web" which is also start of backend related URLs.
Can we discriminate between backend and website related URLs (e.g with <Location> configuration section containers in Apache conf) or is this not feasible / a bad idea?
Odoo is the world's easiest all-in-one management software.
It includes hundreds of business apps:
- CRM
- e-Commerce
- Boekhouding
- Voorraad
- PoS
- Project
- MRP
Deze vraag is gerapporteerd
2327
Weergaven
Geniet je van het gesprek? Blijf niet alleen lezen, doe ook mee!
Maak vandaag nog een account aan om te profiteren van exclusieve functies en deel uit te maken van onze geweldige community!
Aanmelden| Gerelateerde posts | Antwoorden | Weergaven | Activiteit | |
|---|---|---|---|---|
|
0
jun. 25
|
311 | ||
|
0
jan. 25
|
1414 | ||
|
0
jan. 25
|
1442 | ||
|
1
dec. 24
|
1912 | ||
|
0
mei 24
|
1501 |
