How to increase the security of Odoo ?

Posted on 9 November, 2015

From our vast experience on Odoo implementations so far, we suggest following steps to secure your Odoo :

  • Set private ssh key for your Odoo server.
  • Start your Odoo in SSL mode.
  • Install Nginx in your Ubuntu Server.
  • Stop access of all unnecessary ports from firewall of your Ubuntu Server.
  • Set proper data access rights & access rules into your Odoo instance.
  • Set proper authentication method for your PostgreSQL database user.
  • Set tricky password for PostgreSQL user.
  • Apply encryption on Database and Odoo user passwords.
  • Set Tricky password for Super Admin.
  • Request all your ERP users to set difficult password for their accounts in Odoo.
  • Provide FTP access for your ERP users and don't allow them to create files out of their directory on your Ubuntu Server.
  • Set proper access rights on your custom addons and default Odoo addons via chmod and chown commands.
  • Have a look on /var/log/postgresql/postgresql-9.1-main.log file for malware attack on your database.
  • Manage your Odoo log file properly.
  • Transfer database & custom addons backup to remote place at frequent amount of time.
  • Change and set tricky password for detault postgres user in your database server.
  • Stop XMLRPC if you don't want your ERP to connect from 3rd party systems. ( set xmlrpc=False in your config file )
  • Remove "Manage Database" link from home page of your live Odoo instance. ( it's suggestion only )
  • Ignore installation of Odoo where multiple other websites are hosted
  • We highly recommend to ignore creation of any kind of demo database in Live Odoo instance. 
  • Ignore to host your Odoo in Web hosting servers, always host Odoo in trusted VPS sites. ( Amazon, Raskspace, DigitalOcen, Myhosting etc..)
  • Monitor Incoming and outgoing TCP/IP traffics in your Ubuntu Server.  Few of our customers for whom we have implemented Odoo for more then 150+ users, they hired their own server administrator to monitor incoming and outgoing TCP/IP traffics. ( Visit this link )
  • Never give full access of your server to your Odoo service providers, always give them folder access of their own custom addons with their separate user. ( It's advisable to not share root user password to anyone. )
  • If customer can afford healthy cost, we always suggest them to set up their own in-house hosting server instead of VPS.

Being an emerging leader in IT market since 2011, Emipro Technologies Pvt. Ltd. has been providing a wide range of business solutions in Odoo & Magento. We are pleased to have a large pool of contented customers with our meticulous work in the domain of ERP & e-Commerce. A ray of relief & satisfaction to  our customers heart by our successful deployment in their organization, purely represents our success in Odoo platform. Hence, we take pride for being an Odoo partner with a vision of expanding our strategic alliances with our customers to offer them high value-added, trustworthy & cost effective solutions. We are just an inch away from you by email or a tweet to @EmiproTech 

Hiren Vora , Managing Director
Odoo Technical Notes

Post Your Review


Your Review has been posted

0 Comment(s)