Skip to Content
Menu
Musisz się zarejestrować, aby móc wchodzić w interakcje z tą społecznością.
To pytanie dostało ostrzeżenie
2 Odpowiedzi
9446 Widoki

Are passwords now encrypted by default in version 7?

I have read many places that a mod needs to be installed for the passwords to be encrypted but they were for version 6.

If I need to install a mod, what is it called? I have only found "Password Encryption" but I think that is for email only?

Please advise, I am very new to OpenERP and want to make it secure.

Awatar
Odrzuć
Najlepsza odpowiedź

Please, search before post new answer. This is a common question: https://accounts.openerp.com/forum/Help-1/question/6545

Awatar
Odrzuć
Najlepsza odpowiedź

Just checked with my 7.0 installation and the passwords are not encrypted. However, I wonder what security problem you are worried about? Encrypted passwords in the database only mean that somebody who connects directly to your db, or who gets access to a database dump can't see the user passwords (which is of course a good thing in itself). Access to the database and its dumps should be restricted as there is far more than just user passwords that is potentially sensitive information in an ERP. Password encryption does not increase the security of the application in any way.

If you are worried about the general security of OpenERP that are other more important things to be concerned about, such only allowing connections to your OpenERP server using SSL.

Awatar
Odrzuć

For one thing, it means that if a server is compromised as you described, if users have used the same passwords elsewhere, their accounts everywhere else haven't been compromised too...

Powiązane posty Odpowiedzi Widoki Czynność
2
lut 21
17284
2
mar 15
3673
1
kwi 24
26488
0
gru 24
9451
0
maj 25
1531