Contributors mailing list archives

contributors@odoo-community.org

Avatar

Re: Migration auth_admin_passkey to 11.0 and 12.0

by
Groupement Régional Alimentaire de Proximité, Sylvain LE GAL
- 21/06/2019 11:07:38
Hi,

could you precise what is the problem(s) regarding the GDPR ?
Regarding the full access that is granted by this module, It is given to the admin user only, that has by design, access to all the database. (ACL bypassed).


Kind regards.

Sylvain LE GAL - Twitter
GRAP - Service informatique (Groupement Régional Alimentaire de Proximité)
Site Web | FramaSphere | Facebook
3 Grande rue des Feuillants, 69001 Lyon
Bureau : (+33) 09.72.32.33.17 - Astreinte : (+33) 06.81.85.61.43
Member of the OCA (Odoo Community Association)


Le jeu. 20 juin 2019 à 15:17, Florian Kantelberg <florian.kantelberg@initos.com> a écrit :

Hi,

I would propose an OTP like process for the auth_admin_passkey and a change in the login process for the admin. It would be GDPR conform if the user has to generate an OTP first and give that to the admin who wants to access his account. The admin therefore needs his own password + the OTP from the user to login as a different user. The otp can have a lifetime as well.

I can try to migrate the module with the mentioned changes in the next days if there are no further concerns.

Regards.

Am 17.06.19 um 09:17 schrieb Davide Corio:
Hi,
I believe that the module itself is not a risk, using it the wrong way might be.

That module remains really useful during the development phase.


On Fri, Jun 14, 2019 at 3:52 PM Pedro M. Baeza (Tecnativa) <pedro.baeza@tecnativa.com> wrote:
Yes, server-auth is the good host. I think nobody has migrated yet because of the risks of vulnerating GDPR.

Regards.

_______________________________________________
Mailing-List: https://odoo-community.org/groups/contributors-15
Post to: mailto:contributors@odoo-community.org
Unsubscribe: https://odoo-community.org/groups?unsubscribe



--
Davide Corio
Odoo Solution Architect
Mobile: +39 340 810 6954

_______________________________________________
Mailing-List: https://odoo-community.org/groups/contributors-15
Post to: mailto:contributors@odoo-community.org
Unsubscribe: https://odoo-community.org/groups?unsubscribe

-- 
Mit freundlichen Grüßen

Florian Kantelberg
Softwareentwickler

initOS GmbH
An der Eisenbahn 1
21224 Rosengarten

Tel.: +49 (0) 4105 5615644
Fax: +49 (0) 4105 5615610

Email: florian.kantelberg@initos.com
Internet: http://www.initos.com

Geschäftsführung:
Dr.-Ing. Frederik Kramer & Dipl.-Ing. (FH) Torsten Francke

Sitz der Gesellschaft: Rosengarten – Klecken
Amtsgericht: Tostedt, HRB 205226
USt-IdNr: DE 815580155
Steuer-Nr: 15/200/53247

_______________________________________________
Mailing-List: https://odoo-community.org/groups/contributors-15
Post to: mailto:contributors@odoo-community.org
Unsubscribe: https://odoo-community.org/groups?unsubscribe

Reference