Contributors mailing list archives

Akretion France, David BEAL

- 08/07/2019 15:56:29

Hi all,

I dived in this module

I really appreciate to have a way to combine server_env module without to have an UI to build (then a UI fallback). Thanks to the authors

But I have a question about security or confidentiality of informations

A parameter can be a credential (all that we have in server_env keys), and I ask myself why values contained in server_env files

are always written in ir.config_parameter instead of only used as substitution.

IMO, i thought that UI was for demo purposes not for real production storage informations place.

These values are also in backup, and that may imply to rise questions in gdpr context I suppose.

I think we could have an optionnal behavior to prevent to store data in db.

What do you think?

Maybe I missed something, so please make me take the right way

Otherwise, I can make a PR

Thanks for you advices

Bonne journée

David BEAL - akretion.com

Chef de projet

Odoo Développement / Intégration