openerp-community team mailing list archive

[Markus Schneider <markus.schneider@xxxxxxxxxx>]

Hi,

On 17.01.2014 10:16, W. Martin Borgert wrote:
> On 2014-01-11 11:20, Fabien Pinckaers wrote:
>> We just released a few videos to showcase the CMS and eCommerce apps of
>> OpenERP v8. You can get a direct access here:
>>     https://www.openerp.com/teaser?v=all
> 
> Very nice! I wonder, how a typical server separation is done?
> 
> I assume, that normally one has two systems:
> 
>  A. An ERP system in the company, probably with no direct
>     internet access, but only accessible from approved clients.
>     If the internet connection to the outside world breaks, one
>     can still use the ERP, because its local. You may have data
>     in the ERP that you would not (be allowed to) copy to
>     servers outside of the company.
> 
>  B. A CMS in a data center with public internet connection. This
>     contains all the public information, but only the absolute
>     minimum of client data, so that the damage of someone
>     copying the database would be limited. If the companies
>     internet connection breaks, the CMS is still visible to the
>     world.

No it is just A and B in one system. Security is always a matter, but if
you are a eCommerce System than all your sensible customer data are also
in shop system.
General the problem on security comes from inside your company as well.
So the idea to have erp system and internet seperated works only in a
world without eCommerce, email and customer portals. I don't need this
you are wrong with OpenERP ;)

> How is this implemented in OpenERP? Is synchronisation between
> both systems done on request or in regular intervals? How do you
> make sure, that no sensitive data from the ERP ever gets to the
> CMS, which is exposed to the world? Per table? Per application?

This is a other issue. And the practice ( in example openerp.com ) has
fail in that.
As a partner our company address is listed on openerp.com but some stuff
add mobile number of our ceo and the mail for incoming invoice to our
address. So far fine, But as a result the information was shown public
on openerp.com because it is only one system.

This is not a failure of system but a human failure. I have no idea to
prevent such problems but i interested to know what have OpenERP think
about that problem.

Greetings

Markus

> TIA!
> 
> _______________________________________________
> Mailing list: https://launchpad.net/~openerp-community
> Post to     : openerp-community@xxxxxxxxxxxxxxxxxxx
> Unsubscribe : https://launchpad.net/~openerp-community
> More help   : https://help.launchpad.net/ListHelp
> 

-- 
Dipl.-Comp.-Math. Markus Schneider
Softwareentwickler

initOS GmbH & Co. KG
An der Eisenbahn 1
21224 Rosengarten

Mobil:   +49 (0)172 2303699
Phone:   +49 (0)4105 5615613
Fax:     +49 (0)4105 5615610

Email:   markus.schneider@xxxxxxxxxx
Web:     http://www.initos.com

Geschäftsführung:
Dipl. Wirt.-Inf. Frederik Kramer & Dipl.-Ing. (FH) Torsten Francke
Haftende Gesellschafterin: initOS Verwaltungs GmbH

Sitz der Gesellschaft: Rosengarten – Klecken
Amtsgericht Tostedt, HRA 201840
USt-IdNr: DE 275698169
Steuer-Nr: 15/205/21402