openerp-community team mailing list archive
-
openerp-community team
-
Mailing list archive
-
Message #04464
Re: OpenERP CMS: How is server separation implemented?
Total agreement here - today more than ever.
Regards,
Vadim
-----Original Message-----
From: Openerp-community
[mailto:openerp-community-bounces+vadim=enapps.co.uk@xxxxxxxxxxxxxxxxxxx]
On Behalf Of W. Martin Borgert
Sent: 17 January 2014 17:33
To: Markus Schneider
Cc: Frederik Kramer; openerp-community@xxxxxxxxxxxxxxxxxxx; Fabien
Pinckaers
Subject: Re: [Openerp-community] OpenERP CMS: How is server separation
implemented?
Quoting "Markus Schneider" <markus.schneider@xxxxxxxxxx>:
> No it is just A and B in one system. Security is always a matter, but
> if you are a eCommerce System than all your sensible customer data are
> also in shop system.
I can imagine a lot of ERP data, that is not necessary at all on a shop
system: Project management, employee directory, leave management, MRP,
recruitment process, expense management. In many companies, the system
with employee data has limited or no internet access. Privacy does matter,
today more than ever.
> General the problem on security comes from inside your company as well.
> So the idea to have erp system and internet seperated works only in a
> world without eCommerce, email and customer portals. I don't need this
> you are wrong with OpenERP ;)
Is the new strategy to go for Magento instead of giving SAP a run for
their money? :~) I hope, that the software will remain interesting to much
more users, than the eCommerce community only!
> This is not a failure of system but a human failure. I have no idea to
> prevent such problems but i interested to know what have OpenERP think
> about that problem.
To err is human :~) Sensitive data should only be on systems where it is
absolutely necessary. A public portal or eCommerce site is not the right
place for sensitive data. The right question is: Why was this data on that
system in the first place?
It probably would make more sense to have two stricly separated systems
with a well-defined import and export, that can be audited e.g. by the
companys data protection officer (Datenschutzbeauftragter).
Cheers
_______________________________________________
Mailing list: https://launchpad.net/~openerp-community
Post to : openerp-community@xxxxxxxxxxxxxxxxxxx
Unsubscribe : https://launchpad.net/~openerp-community
More help : https://help.launchpad.net/ListHelp
Follow ups
References