Charity begins from home! OdooQa started the study on its own website. is our business partner who handles Odoo security on our behalf and we work hand in hands! Following is the analysis where the references are taken from and some from wikipedia. Following are the highlights, the complete one is here.


Odoo is an all-in-one management software that offers a range of business applications that form a complete suite of enterprise management applications targeting companies of all sizes. - including CRM,website/e-commerce, billing, accounting, manufacturing, warehouse - and project management, and inventory.
• The prime benefit of Odoo is its extensible architecture. A large number of freelancers and organizations develop Odoo Apps or Modules and place them in the marketplace for sale or to be downloaded for free.
• The main Odoo components are the Open Object framework, about 30 core modules (also called official modules) and more than 5000 community modules. Most Odoo modules are available in OdooS.A' s marketplace where community could buy or download many modules for free.
• As per 9 July 2018, 15759 Apps or modules were found on the marketplace in different categories. Most modules are served in all active versions of 9.0, 10.0 and 11.0.
• Odoo uses Python scripting and PostgreSQL database. The software is accessed via a web browser in a one page app developed in JavaScript. The Community edition repository is on GitHub.


Below are the security practices done by Odoo team to ensure security on Odoo cloud:
• Backup and disaster recovery: Odoo provides full backups for its instances up to 3 months. Odoo also has effective disaster management practices, with worst case scenario where the users can lose maximum 24hours of work if data cannot be recovered and restores the last daily backup.
• Database security: Customer data is stored in a dedicated database, where data is not shared between clients. Data access control rules implement complete isolation between customer databases.
• Password security: Customer passwords are protected with industry standard PBKDF2+SHA512 encryption(salted + stretched for thousands of rounds).Odoo staff does not have user passwords. If you lose it, you have to reset it.
• Employee access: Odoo staff may access user accounts to fix support issues (with use of a staff authorization, not user password).
• System security: All Odoo online servers are running hardened Linux distributions. Only a few trusted Odoo engineers have clearance to remotely manage the servers. Firewall and intrusion countermeasures prevent unauthorized access.

Physical security: Security cameras are monitoring the physical data centres. Physical access to data centres where Odoo servers are located is restricted to data centre technicians only.
• Communications: All web connections to client instances are protected with 256 bit SSL encryption. Odoo servers are always under watch and patched against latest SSL vulnerabilities.

Some recent vulnerabilities in Odoo which got exploited:
• CVE-2017-10803:
In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, insecure handling of anonymization data in the Database Anonymization module allows remote authenticated privileged users to execute arbitrary Python code, because unpickle is used.
• CVE-2017-10804:
In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, remote attackers can bypass authentication under certain circumstances because parameters containing 0x00characters are truncated before reaching the database layer. This occurs because Psycopg 2.x before 2.6.3 isused.
• CVE-2017-10805:
In Odoo 8.0, Odoo Community Edition 9.0 and 10.0, and Odoo Enterprise Edition 9.0 and 10.0, incorrect access control on OAuth tokens in the OAuth module allows remote authenticated users to hijack OAuthsessions of other users.
• CVE-2017-9416:
Directory traversal vulnerability in tools.file open in Odoo 8.0, 9.0, and 10.0 allows remote authenticated users to read arbitrary local files readable by theOdoo service.

Overall, we found the following noteworthy problems:

1. Cookie Poisoning

2. Session Termination

3. Broken Access Control

4. Cross Site Access Forgery

5. Cross Site Scripting (XSS)

6. Code Injection

7. Using HTTP Connection

8. Sensitive Data Exposure

9. Clickjacking

10. Cross Frame Scripting (XFS)

user image
jnvjnjcnv On, 26 May 2020


Public user
On, 13 May 2021

NEED PAPER WRITING HELP? Top creative writing editor services . Proceed to Order!!! ==> <a href=><img src=""></a> Common french phrases for essays Free resume templates from microsoft office Cheap dissertation abstract editing sites au Professional services cover letter Family tradition essays thanksgiving Tsotsi decency essay Sample resume for pharmaceutical sales rep Top term paper editing website for mba Cover letter attachment abbreviation <a href=>Popular business plan editor website usa ssvcz</a> <a href=>Sample resume car salesperson emtuk</a> <a href=>Thesis statement-literary analysis of hills like white elephants dpdai</a> <a href=>Hamlet oedipus complex essay mkxyp</a> b3230db Top blog ghostwriter website for school Esl letter writer site for phd Resume templet free example HGtYUPlKMnGFW <a href=>studybay</a> <b>Top creative writing editor services </b> <a href=>essaypro login</a> Top creative writing writer websites for college Top critical essay ghostwriters service usa Cover letter interior designer position <a href=>Custom problem solving writer services gb mpfer 2021</a> <a href=>Engineering fresher resume sample download</a> <a href=>How to write contract deliverables</a> <a href=>Professional university essay writers services for masters pxkza</a> <a href=>Professional admission essay ghostwriter services online</a> tghuTRTjigFIr6F Review <b>Top creative writing editor services </b> <a href=>Essay on northridge earthquake hrgby</a> <a href=>Sample resume for download yedeq</a> <a href=>Literature review on value importance rlcvo</a> <a href=>Best definition essay ghostwriters sites for mba aadqy 2021</a> <a href=>essay pro</a> Apa style example page Book review writers website gb Tow truck driver resume <a href=>займ онлайн</a> <a href=>авиасейлс купить билеты</a> Training survey cover letter English essay sample speech Home beauty salon business plan Top creative writing editor services <a href=>studybay</a> <a href=>British imperialism in china essay xrjtt</a> <a href=>Essay words left unspoken tilha</a> <a href=>Thesis on stbc icuqw</a> <a href=>Rallye cross lessay oixlx</a> <b>Top creative writing editor services </b> <a href=>Popular dissertation results ghostwriters service for phd yihsl 2021</a> <a href=>Order best essays online sjvps 2021</a> <a href=>Freres scott resume saison 1 ppevc 2021</a> <a href=>Define convergence thesis zbtul</a> Crowd controller resume sample Usc engineering supplement essay length Best article ghostwriting site for school <b>Top creative writing editor services </b> <a href=>Write me esl dissertation conclusion online</a> <a href=>Scholarships for juniors in high school no essay ngnxr</a> <a href=>Professional admission paper editor services for mba</a> <a href=>Resume writing how far back fioig</a> <a href=>Popular critical thinking writer sites dmymb</a> <a href=>Best school essay proofreading service uk syqqu 2021</a>

user image
test On, 27 May 2020


user image
yuvraj On, 30 May 2020


user image
989898 On, 30 May 2020


user image
abc On, 30 May 2020