
openerp-community team mailing list archive

Re: About encryption in database


On 2014-02-01 18:18, Eric Caudal wrote:
> We face another security/data access issue with a customer who would
> like to be able to hide the salary information from his IT
> administrator.

Eric, I hope I'm wrong, but I don't believe this is possible,
neither with OpenERP nor any other similar system I'm aware of.

It would be possible if all "private" information were
encrypted/decrypted in the client (here: the web browser) and never
reached the server in clear text. But then all calculations would
have to be done in the client. This would break the whole conception
of ERPs, I believe.

> Would any security expert be able to enlighten us on this? Any common
> practice from other ERPs?

 * limit the root access to the server to only one/two/three
   admins, whom you can trust
 * encrypt your backups (easy with duplicity + GnuPG), so you
   can leave backups to untrusted file servers
 * pay the admin enough, so they won't betray you :~)
 * if it is a bigger system, split the server into different
   security levels, so that breaking one server would not
   break all of them
 * maybe you can control the admin's activities somehow, e.g.
   by logging all root activity. The logging has to be signed,
   so that nobody can alter the logging information later (maybe
   systemd has something to offer here, not sure)

If someone could please prove me wrong? :~)
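As an added illustration of the "signed logging" point above (this is example code, not something from the thread or from OpenERP), the following keeps a chained HMAC over admin-activity records: each tag covers the record and the previous tag, so altering or deleting an earlier entry breaks every later check. It assumes constructed sample records and a key that is held by a separate log collector, not by the audited server's root user.

```python
import hmac
import hashlib
import json

# Assumption: the key lives on the log collector, not on the audited host.
# If root on the audited host can read it, root can simply re-seal the log.
AUDIT_KEY = b"constructed-demo-key-do-not-use"

# Constructed sample of root activity on an ERP database host.
SAMPLE_RECORDS = [
    {"ts": "2014-02-01T18:20:00Z", "user": "root", "cmd": "pg_dump openerp"},
    {"ts": "2014-02-01T18:21:10Z", "user": "root", "cmd": "psql openerp"},
    {"ts": "2014-02-01T18:25:43Z", "user": "root", "cmd": "systemctl restart openerp"},
]


def _encode(record):
    # Canonical JSON so the same record always yields the same bytes.
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def seal(records, key=AUDIT_KEY):
    """Return a list of {"rec", "tag"} entries chained by HMAC-SHA256."""
    prev_tag = b""
    sealed = []
    for record in records:
        tag = hmac.new(key, prev_tag + _encode(record), hashlib.sha256).hexdigest()
        sealed.append({"rec": record, "tag": tag})
        prev_tag = tag.encode()
    return sealed


def verify(sealed, key=AUDIT_KEY):
    """Return the index of the first entry whose chain breaks, or None if intact.

    Modifying, reordering or deleting an entry invalidates that position and
    everything after it. Silently dropping only the *last* entries is not
    caught by the chain alone: the collector must also record the latest tag
    out of band (or seal a time-based checkpoint) to detect truncation.
    """
    prev_tag = b""
    for index, entry in enumerate(sealed):
        expected = hmac.new(key, prev_tag + _encode(entry["rec"]), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, entry["tag"]):
            return index
        prev_tag = entry["tag"].encode()
    return None
```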

