openerp-community team mailing list archive

["W. Martin Borgert" <debacle@xxxxxxxxxx>]

Quoting "Markus Schneider" <markus.schneider@xxxxxxxxxx>:
> No it is just A and B in one system. Security is always a matter, but if
> you are a eCommerce System than all your sensible customer data are also
> in shop system.

I can imagine a lot of ERP data, that is not necessary at all on a shop
system: Project management, employee directory, leave management, MRP,
recruitment process, expense management. In many companies, the system
with employee data has limited or no internet access. Privacy does matter,
today more than ever.

> General the problem on security comes from inside your company as well.
> So the idea to have erp system and internet seperated works only in a
> world without eCommerce, email and customer portals. I don't need this
> you are wrong with OpenERP ;)

Is the new strategy to go for Magento instead of giving SAP a run for
their money? :~) I hope, that the software will remain interesting to
much more users, than the eCommerce community only!

> This is not a failure of system but a human failure. I have no idea to
> prevent such problems but i interested to know what have OpenERP think
> about that problem.

To err is human :~) Sensitive data should only be on systems where it is
absolutely necessary. A public portal or eCommerce site is not the right
place for sensitive data. The right question is: Why was this data on
that system in the first place?

It probably would make more sense to have two stricly separated systems
with a well-defined import and export, that can be audited e.g. by the
companys data protection officer (Datenschutzbeauftragter).

Cheers