Contributors mailing list archives

contributors@odoo-community.org

Browse archives

Avatar

Re: How to prevent odoo to send the entire traceback

by
Sunflower IT, Tom Blauwendraat
- 21/01/2022 11:33:16

I did see a module in use once that hashed out the folder names in the tracebacks, which are one of the sensitive parts. But I cant remember which module it was.

On 1/21/22 10:07 AM, Nils Hamerlinck wrote:
Hi Dominique,

You can try with a server wide module that overrides serialize_exception:

old_http_serialize_exception = http.serialize_exception

def http_serialize_exception(e):
    tmp = old_http_serialize_exception(e)
    tmp['debug'] = 'Please check the logs for the traceback.'
    return tmp

if 'redacted_module' in config.get('server_wide_modules'):
    _logger.debug('Overriding default serialize_exception')
    http.serialize_exception = http_serialize_exception


Regards,

Nils

On Fri, Jan 21, 2022 at 11:27 AM Dominique k <dominique.k@elico-corp.com.sg> wrote:
Hi,

Not sure if this is the right place to ask:
Whenever there is an error, Odoo will send back a traceback (whether it is an API call, or from the browser).
This could be a security issue, as a lot of data can be sent back. Is it possible to reduce the size of the traceback? - so as to prevent an attacker from retrieving any information on the server ?

Regards,
Dominique 

_______________________________________________
Mailing-List: https://odoo-community.org/groups/contributors-15
Post to: mailto:contributors@odoo-community.org
Unsubscribe: https://odoo-community.org/groups?unsubscribe

_______________________________________________
Mailing-List: https://odoo-community.org/groups/contributors-15
Post to: mailto:contributors@odoo-community.org
Unsubscribe: https://odoo-community.org/groups?unsubscribe

Reference