Contributors mailing list archives


Re: Bank Account Security

by "Holger Brunn" <> - 22/12/2022 10:43:33
> During an evaluation of OCA payment order module we discovered a critical
> default security issue in Odoo. (Note this is V14, but I doubt Odoo did
> anything)

In my book that's not a security issue (which are cases where you can do stuff 
that's explicitly not meant to be possible) but a difference in expectations 
between you and Odoo SA. Is it a security issue that I can change the address 
of a customer who has ordered a bunch of 100k watches to my own address, let 
the system create the delivery slip, change back afterwards?

If you set up an Odoo instance where employees aren't trustworthy, modules 
(would need a specific module for bank accounts/partners) come to mind.

Your partner for the hard Odoo problems