openerp-expert-framework team mailing list archive

Thread
Date

openerp-expert-framework team
Mailing list archive
Message #00520

Security flaws

To: openerp-expert-framework@xxxxxxxxxxxxxxxxxxx
From: Albert Cervera i Areny <albert@xxxxxxxxxxx>
Date: Sat, 26 Feb 2011 14:03:07 +0100
Organization: NaN
User-agent: KMail/1.13.5 (Linux/2.6.32-5-amd64; KDE/4.4.5; x86_64; ; )

Just wanted to highlight this [1] bug I reported several months ago regarding 
several security flaws which have not been solved as of yet. The bug was marked 
as public by OpenERP sa, so you may want to add your comments or patchs. 
Anyway, I think it's important everyone administering an OpenERP server must 
at least be aware that any user can change information in properties, for 
example:

https://bugs.launchpad.net/openobject-server/+bug/657013

-- 
Albert Cervera i Areny
http://www.NaN-tic.com
OpenERP Partners
Tel: +34 93 553 18 03
skype: nan-oficina

http://twitter.com/albertnan 
http://www.nan-tic.com/blog