
openerp-community team mailing list archive

Re: Status report on OpenERP CMS branch trunk-website-al....

 

2013/11/9 Raphael Valyi <rvalyi@xxxxxxxxx>

> I'm curious to see all XSS and DOS exploits that will be found against
> OpenERP powered websites in the wild. Come on, you have never been a web
> publishing technology, why not trust the work of those who have been
> instead? OpenERP SA is smarter than everybody else, is that the theory
> again?


Men.

I didn't see any bug report by you about this.
I tried to exploit several well-known issues myself and I didn't find
any problem, but I am almost sure that maybe I am forgetting something.

But even so, if I cannot trust a !website! to a framework, "How in the name
of God can I trust a whole ERP?" I think this statement is very dangerous,
and if you don't put proof here, IMHO it is an intentionally bad flame, dude.

And about DoS, it is not a "Framework Problem", it is a "Server Problem",
unless I am forgetting something.

Support our point.

We, managing only server configuration with load balancing, changed from 60k
to 1.060 requests per minute in our servers; caching, https, it means
following "Best practices". Even with Rails and Plone, if you don't configure
the server correctly, by default you can leave the server unusable ("having
the feeling of DoS"). We have 3 government cases here in VE with Plone where,
after 6 months of problems with a Plone site, a friend, a "Plone expert",
mixing the well-recommended practices and testing correctly, solved the
problem in 3 hours[1].

About security, I tried in very different ways to break the security layer
with portal users "well configured" and I couldn't break anything, but yes,
a portal user can be added to the "Employee" group and you can give access to
undesired data easily ("Solution: We build a group which denies by default,
and overwrite the write and restrict the access to SUPERUSER to the
system"), but again, it is a configuration-solvable issue.

Did I miss something?

Be careful with your statements, dude, because ignorant people can decide
based on your credibility and a lot of people can lose business
opportunities because of your statements.

Show proofs first!

Regards.

[1] http://www.slideshare.net/lcaballero/alta-disponibilidad-y-alto-desempeo-para-hospedaje-en-plone-en-el-debianday-merida-2011
-- 
--------------------
Kind regards

Nhomar G. Hernandez M.
+58-414-4110269
Skype: nhomar00
Web-Blog: http://geronimo.com.ve
IT Services: http://vauxoo.com
Linux-Counter: 467724
Emails:
nhomar@xxxxxxxxxxxxxx
nhomar@xxxxxxxxxx
twitter @nhomar
