Contributors mailing list archives

contributors@odoo-community.org

Avatar

server_environment_ir_config_parameter security purpose

by
Akretion France, David BEAL
- 08/07/2019 15:56:29
Hi all,

I dived in this module


I really appreciate to have a way to combine server_env module without to have an UI to build (then a UI fallback). Thanks to the authors

But I have a question about security or confidentiality of informations

A parameter can be a credential (all that we have in server_env keys), and I ask myself why values contained in server_env files
are always written in ir.config_parameter instead of only used as substitution.

IMO, i thought that UI was for demo purposes not for real production storage informations place.

These values are also in backup, and that may imply to rise questions in gdpr context I suppose.

I think we could have an optionnal behavior to prevent to store data in db.
What do you think?

Maybe I missed something, so please make me take the right way

Otherwise, I can make a PR

Thanks for you advices

Bonne journée


David BEAL - akretion.com
Chef de projet
Odoo Développement / Intégration

Follow-Ups