
openerp-community team mailing list archive

Re: Fwd: OpenERP CMS: How is server separation implemented?

 

On 2014-01-17 19:37, Kurt Haselwimmer wrote:
> Think about it for one minute - how much easier will it be for translators to translate your website into their language - now that they can see the text they are translating when they can see it in the proper context - rather than editing the content in some file tucked away with a line like $checkout_error1="Please correct form entry".

This sounds weird. Isn't everybody using gettext (or similar
techniques) nowadays for translations?

> The concerns that people have over security are exactly the same as any webstore that is processing credit card information

I disagree. In an ERP you have much more data than only that.
There is a lot of data that should never, ever be on a
publicly accessible server, such as employees' contract data or
their illness times. A public web shop should only have the
necessary data on the server.

Example: A company puts a job offer on their website using the
OE Recruitment process module. So you must have the job
description on the public server as well as a way to upload CVs
etc. What you definitely do not want to have on an external
server is the internal recruitment rating process. If this
information gets into the wrong hands, it might harm your
company.

> 1) IP range restriction for admin access.
> 2) IP blocking once you do spot an obvious hack attempt
> 3) Possible secondary access password for admin edits
> 4) Ability to roll-back content to a particular date (should the worst happen.)

Some rogue data center staff member might copy your PostgreSQL
database. This is less likely inside your company, where only
a few well-known admins have access. It is best practice in
security to have only the minimum of data on certain systems, so
that a possible breach has the least impact.

Cheers

