Contributors mailing list archives
Re: Migration auth_admin_passkey to 11.0 and 12.0by
Mit freundlichen Grüßen
We look forward to see you. Best Regards
Dipl. Ing. (Fh) Georg Notter
Agent ERP GmbHwww.agenterp.com
Am 26.06.2019 um 03:57 schrieb Rafael Blasco <email@example.com>:
You must demostraste Compliance .
This should mean that any user/employee sign you in a contract that any human with the Odoo admin access can make any action in Odoo with you name. Who will sign that? If employee doesn’t’ sign it is illegal if employee sign it… is legal? You could do anything without any track/trace :-\
In any case, making the module is fair, installing in production is dangerous. Installing it in a test environment….
De: Sylvain LE GAL [mailto:firstname.lastname@example.org]
Enviado el: viernes, 21 de junio de 2019 11:12
Para: Contributors <email@example.com>
Asunto: Re: Migration auth_admin_passkey to 11.0 and 12.0
could you precise what is the problem(s) regarding the GDPR ?
Regarding the full access that is granted by this module, It is given to the admin user only, that has by design, access to all the database. (ACL bypassed).
Le jeu. 20 juin 2019 à 15:17, Florian Kantelberg <firstname.lastname@example.org> a écrit :
I would propose an OTP like process for the auth_admin_passkey and a change in the login process for the admin. It would be GDPR conform if the user has to generate an OTP first and give that to the admin who wants to access his account. The admin therefore needs his own password + the OTP from the user to login as a different user. The otp can have a lifetime as well.
I can try to migrate the module with the mentioned changes in the next days if there are no further concerns.
Am 17.06.19 um 09:17 schrieb Davide Corio:
I believe that the module itself is not a risk, using it the wrong way might be.
That module remains really useful during the development phase.
On Fri, Jun 14, 2019 at 3:52 PM Pedro M. Baeza (Tecnativa) <email@example.com> wrote:
Yes, server-auth is the good host. I think nobody has migrated yet because of the risks of vulnerating GDPR.
----Mit freundlichen GrüßenFlorian KantelbergSoftwareentwicklerinitOS GmbHAn der Eisenbahn 121224 RosengartenTel.: +49 (0) 4105 5615644Fax: +49 (0) 4105 5615610Internet: http://www.initos.comGeschäftsführung:Dr.-Ing. Frederik Kramer & Dipl.-Ing. (FH) Torsten FranckeSitz der Gesellschaft: Rosengarten – KleckenAmtsgericht: Tostedt, HRB 205226USt-IdNr: DE 815580155Steuer-Nr: 15/200/53247
Post to: mailto:firstname.lastname@example.org