Tuesday, December 10, 2013

OpenERP v7 menu security issue

Hello, fellow Malaysian OpenERP community members. Did you know that if you log in as ADMIN, copy the URL of a particular menu from that session, and then log in as another user who is not authorized to access that menu, the restricted user will still be able to access that page? This is an OpenERP issue: the menus are only “hidden” but not actually “restricted”. This can be a serious security flaw if the pages are registered in search engines or if someone who is an expert in OpenERP accesses the data.

I have found another useful module to help you tighten up the security of OE. It was NOT made by me, so I claim NO credit, but it can be found here, in the E-global managed repo where I have uploaded it:

http://sourceforge.net/p/openerp-asia/code/HEAD/tree/trunk/V7.0/

You can click on Download Snapshot to download all the code.

The module is called "web_menu_security" (a V7 module). Once installed, it restricts all menus from users who have no permission to access them. Any such attempt redirects the user to the home page. You can use this module without any configuration in the database.
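The difference between hiding a menu and restricting it, as an added sketch that is not the code of web_menu_security or of OpenERP. The menu table, group names, sample URL, the `menu_id` URL parameter and the function names are all assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample data: menu id -> (parent id, allowed groups; empty = everyone)
MENUS = {
    1: (None, set()),                   # Home
    10: (None, {"accounting"}),         # Accounting
    11: (10, set()),                    # Accounting / Invoices (restricted via parent)
    20: (None, {"sales", "manager"}),   # Sales
}
HOME = "/"
# Constructed URL of the kind an admin might copy from their own session
SAMPLE_URL = ("http://erp.example.test:8069/?db=demo"
              "#view_type=list&model=account.invoice&menu_id=11&action=64")

def menu_allowed(menu_id, user_groups):
    """True only if the menu and every ancestor admit the user (deny by default)."""
    seen = set()
    while menu_id is not None:
        if menu_id not in MENUS or menu_id in seen:   # unknown id or cycle
            return False
        seen.add(menu_id)
        parent, groups = MENUS[menu_id]
        if groups and not (groups & user_groups):
            return False
        menu_id = parent
    return True

def visible_menus(user_groups):
    """What the menu bar shows. Hiding entries here enforces nothing by itself."""
    return sorted(m for m in MENUS if menu_allowed(m, user_groups))

def resolve(url, user_groups):
    """Check made when a URL is opened: re-validate the menu it names,
    and fall back to the home page instead of trusting the pasted link."""
    ids = parse_qs(urlsplit(url).fragment).get("menu_id", [])
    if len(ids) != 1 or not ids[0].isdecimal():
        return HOME
    return url if menu_allowed(int(ids[0]), user_groups) else HOME

if __name__ == "__main__":
    print(visible_menus({"sales"}))        # menu 11 is hidden from a sales user
    print(resolve(SAMPLE_URL, {"sales"}))  # and the pasted admin URL goes home
```

Without the `resolve` step, the sales user never sees menu 11 in the menu bar but still reaches it through the copied URL, which is the behaviour described in this post.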

Hope you find more and more useful ways for your local Malaysian business to grow through OpenERP, which we as an SME have used ourselves too!

Bravo, OpenERP! Create History, Impact SME!

1 comment:

  1. Hi,

    I installed this module but nothing changed. Users who have no permission can still see the menus, and it does not redirect to the user home page. Is there any step or configuration that I need to do first?

    Thank you
