
openerp-community team mailing list archive

Re: About encryption in database


I arrived at basically the same conclusions.
I will have a look at Holger's development which seems interesting.
Eric Caudal (From his mobile)

"W. Martin Borgert" <debacle@xxxxxxxxxx> wrote:

>On 2014-02-01 18:18, Eric Caudal wrote:
>> We face another security/data access issue with a customer who would
>> like to be able to hide the salary information from his IT
>> administrator.
>
>Eric, I hope I'm wrong, but I don't believe this is possible,
>neither with OpenERP nor any other similar system I'm aware of.
>
>It would be possible, if all "private" information is
>encrypted/decrypted in the client (here: web browser) and never
>reaches the server in clear text. But then all calculations would
>have to be done in the client. This would break the whole conception
>of ERPs, I believe.
>
>> Any security expert would be able to enlighten it? Any common
>> practice from other ERP?
>
> * limit the root access to the server to only one/two/three
>   admins, whom you can trust
> * encrypt your backups (easy with duplicity + GnuPG), so you
>   can leave backups to untrusted file servers
> * pay the admin enough, so they won't betray you :~)
> * if it is a bigger system, split the server into different
>   security levels, so that breaking one server would not
>   break all of them
> * maybe you can control the admin activities somehow, e.g.
>   by logging all root activities. The logging has to be signed,
>   so that nobody can alter logging information later (maybe
>   systemd has something to offer here, not sure)
>
>If someone could please prove me wrong? :~)
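The "signed logging" bullet in the quoted message, as an added example that is not part of the original thread and not OpenERP code: a small forward-secure, hash-chained audit log. The ERP host MACs each entry with its current key, then ratchets the key (K_{i+1} = SHA-256 of K_i) and discards the old one; a verifier on a separate host keeps only K_0. An admin who gains root at step t learns K_t and can forge entries from t onward, but cannot recompute earlier MACs, so any edit to entries before t is detected. The key, timestamps and root commands below are constructed demo data.

```python
import copy
import hashlib
import hmac
import json

# Forward-secure, hash-chained audit log (added example, not OpenERP code).
# Model: the ERP host keeps only the *current* key; after MACing entry i it
# ratchets the key and forgets the old one. A verifier off the host holds K_0.
# Root at step t learns K_t onward: later entries can be forged, earlier ones
# cannot be altered without detection.

def _ratchet(key: bytes) -> bytes:
    """Derive the next key; one-way, so old keys cannot be recovered."""
    return hashlib.sha256(b"ratchet" + key).digest()


def _mac(key: bytes, prev: bytes, record: dict) -> bytes:
    """MAC over the previous MAC and a canonical encoding of the record."""
    payload = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, prev + payload, hashlib.sha256).digest()


class AuditLog:
    def __init__(self, initial_key: bytes):
        self.key = initial_key          # current key, the only one the host keeps
        self.prev = b"\x00" * 32        # MAC of the previous entry (chain link)
        self.entries = []

    def append(self, record: dict) -> None:
        mac = _mac(self.key, self.prev, record)
        self.entries.append({"record": record, "mac": mac.hex()})
        self.prev = mac
        self.key = _ratchet(self.key)   # old key is now gone from the host


def verify(entries, initial_key: bytes) -> int:
    """Re-derive the key chain from K_0; return index of the first entry whose
    MAC does not match, or -1 if the whole log verifies."""
    key, prev = initial_key, b"\x00" * 32
    for i, e in enumerate(entries):
        expected = _mac(key, prev, e["record"])
        if not hmac.compare_digest(expected, bytes.fromhex(e["mac"])):
            return i
        prev = expected
        key = _ratchet(key)
    return -1


# Constructed demo secret; in practice K_0 lives only on the verifier host.
K0 = hashlib.sha256(b"constructed demo secret, kept on the verifier host").digest()


def demo():
    """Returns (intact, tampered_index, forged_tail) verification results."""
    log = AuditLog(K0)
    for rec in [  # constructed root-activity records
        {"ts": "2014-02-01T18:20:01Z", "user": "root", "cmd": "psql -c 'select * from hr_contract'"},
        {"ts": "2014-02-01T18:21:10Z", "user": "root", "cmd": "pg_dump openerp"},
        {"ts": "2014-02-01T18:25:44Z", "user": "root", "cmd": "rm /var/log/auth.log"},
    ]:
        log.append(rec)
    intact = verify(log.entries, K0)                # -1: everything checks out

    # Admin rewrites the first entry after the fact: K_0 is gone from the
    # host, so the MAC cannot be recomputed and entry 0 is flagged.
    tampered = copy.deepcopy(log.entries)
    tampered[0]["record"]["cmd"] = "ls"
    tampered_index = verify(tampered, K0)           # 0

    # Limitation: root who grabs the *current* key can still forge new
    # entries going forward; only the past is protected.
    fake = {"ts": "2014-02-01T18:30:00Z", "user": "root", "cmd": "apt-get update"}
    forged = list(log.entries)
    forged.append({"record": fake, "mac": _mac(log.key, log.prev, fake).hex()})
    forged_tail = verify(forged, K0)                # -1: forgery goes undetected

    return intact, tampered_index, forged_tail


if __name__ == "__main__":
    print(demo())
```

The ratchet is what makes this stronger than a plain HMAC chain: with a single static key, root reads the key from the host and recomputes every MAC. Shipping entries (or periodic MACs) to a second machine the admin cannot reach closes the remaining gap for the tail of the log.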