Contributors mailing list archives
contributors@odoo-community.org
Browse archives
server_environment_ir_config_parameter security purpose
by
Akretion France, David BEAL
Hi all,
I dived in this module
I really appreciate to have a way to combine server_env module without to have an UI to build (then a UI fallback). Thanks to the authors
But I have a question about security or confidentiality of informations
A parameter can be a credential (all that we have in server_env keys), and I ask myself why values contained in server_env files
are always written in ir.config_parameter instead of only used as substitution.
IMO, i thought that UI was for demo purposes not for real production storage informations place.
These values are also in backup, and that may imply to rise questions in gdpr context I suppose.
I think we could have an optionnal behavior to prevent to store data in db.
What do you think?
Maybe I missed something, so please make me take the right way
Otherwise, I can make a PR
Thanks for you advices
Chef de projet
Odoo Développement / Intégration
Follow-Ups
-
Re: server_environment_ir_config_parameter security purpose
byAkretion France, David BEAL -
Re: server_environment_ir_config_parameter security purpose
byAkretion France, David BEAL