openerp-community team mailing list archive

Re: OpenERP CMS: How is server separation implemented?

 

Fabien, many thanks for your first hand explanation!

On 2014-01-17 21:43, Fabien Pinckaers wrote:
> You can choose between:
> 1/ having a fully integrated solution on the same server: frontend+backend
> or
> 2/ deploy separately the frontend and the backend (and use modules like
> base_synchro to sync them)

The second option sounds like the way to go, as long as you can
easily define which data is synced. I.e. sync only the data that
absolutely must be copied to a publicly accessible server. I'm
not talking about OE security problems, but any operating system
can have security problems, the people in the data center might
sell your data, etc. The less data you have on the public
server, the better!

> In my opinion, most companies will go for the 1/ option because it's so
> powerful that it counterbalances every other argument in favor of
> splitting physical servers.

I fear you're right that many companies will go for option 1.
Privacy is something many companies are not interested in.
Security is something most people do not understand. We see so
many breaches these days, such as credit card copies - no
surprise. But the times are changing - I hope.

> It's a bit like the Facebook privacy; everyone complains about it but in
> the end, everyone uses Facebook because it's much more efficient to
> communicate or share photos.

The only connection to Facebook I have is my line in /etc/hosts,
that associates most common Facebook server names with
127.0.0.1. I recommend this setting to everyone.

> I am not even sure that separating different servers with a synchronization
> between them offers better security.
> Mostly because there are so many connections with the ERP and external
> applications (emails, bank interfaces, customer portal, EDI, mobile apps,
> ...) that you already need to have your OpenERP accessible online.

Well, I'm running OE on a VM and try to be most specific about
every single connection to the outside world. Otherwise I would
not put any valuable data into it. That is: The server has only
an IMAP and SMTP connection to a mail server, the web interface
is accessible in the LAN only. If one wants to access OE from
outside, they need to use OpenVPN or an SSH tunnel.

> If you are not convinced, no problem! Just use OpenERP eCommerce on one
> server and OpenERP ERP on another one. It works exactly like
> Magento-OpenERP and it's even easier to sync as the DB schema is the same.
> (and you can reuse the base_synchro module)

Yes, this sounds convincing to me! I'd like to see OE leading
not only in ease of use, but also in making secure systems
easier to deploy.

