A High-Level Overview of Security in OpenERP

Hestin Jose's picture

Here I am trying to consolidate the security features in OpenERP that I have experienced so far, referring to the information available in the community. OpenERP is as secure as any other enterprise-standard business application, and its architecture has many advantages for use as an application ready to be deployed in cloud infrastructure. We have been getting many queries asking "How secure is OpenERP?", as this is a common concern for similar kinds of open source applications. Along with pointing out some information here, it will be much appreciated if our valued readers can contribute on this critical feature of OpenERP.

Most of you know that OpenERP has a client/server architecture, with one of its major goals being to transmit data between communicating peers more securely than other ERP systems.
        
OpenERP provides:
   1) a web-based interface
   2) a GTK-based interface

Security in the OpenERP web-based interface
   a) The OpenERP web client uses HTTPS, a protocol for transmitting data securely over the World Wide Web.
   b) Running OpenERP behind a VPN keeps outsiders from accessing the system.
   c) The base_crypt module allows the username and password to be stored in encrypted form.
   d) A robots.txt file at the root of the web client folder stops Google from indexing the login screen.

Security in the OpenERP GTK-based interface
   a) The OpenERP GTK client provides xmlrpc-secure, the remote procedure call protocol combined with a security feature added recently to OpenERP.
   b) The LDAP module already present in OpenERP is another step towards security.
                         
OpenERP-Server prevents port-based attacks on the hosted server through its ability to change port values flexibly. Because OpenERP is mainly built in Python, any of Python's security features can be incorporated.
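The secure XML-RPC transport mentioned above only protects the session if the client refuses plain HTTP and validates the server certificate. The sketch below is an added example, not code from OpenERP or from the original post; the host name is constructed, and the `/xmlrpc/common` path and `login` call are assumed from OpenERP's XML-RPC interface rather than taken from this page.

```python
import ssl
import xmlrpc.client
from urllib.parse import urlsplit


def strict_tls_context(ca_file=None):
    """Build a TLS context that verifies the certificate chain and hostname."""
    # create_default_context() enables CERT_REQUIRED and check_hostname.
    ctx = ssl.create_default_context(cafile=ca_file)
    # Reject legacy protocol versions outright.
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def secure_proxy(base_url, service, ca_file=None):
    """Return an XML-RPC proxy for one server service, HTTPS only.

    base_url: e.g. "https://erp.example.com" (constructed host name)
    service:  service name under /xmlrpc/ (path assumed, see lead-in)
    """
    parts = urlsplit(base_url)
    if parts.scheme != "https" or not parts.hostname:
        # Credentials must never travel over plain XML-RPC.
        raise ValueError("refusing non-HTTPS XML-RPC endpoint: %r" % base_url)
    url = "%s/xmlrpc/%s" % (base_url.rstrip("/"), service)
    # No network traffic happens here; the connection opens on first call.
    return xmlrpc.client.ServerProxy(url, context=strict_tls_context(ca_file))


def login(base_url, db, user, password, ca_file=None):
    """Authenticate against the server; returns the user id on success."""
    common = secure_proxy(base_url, "common", ca_file)
    # A certificate or hostname mismatch raises ssl.SSLError here instead
    # of silently sending the password to an impostor.
    return common.login(db, user, password)
```

Pass `ca_file` when the server uses a certificate issued by an internal CA, rather than disabling verification.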