I was looking at the Debian/Ubuntu packaging of openerp-server and the packaging in progress of openerp-web. Both have init scripts which launch the processes under the "openerp" user id. My feeling is that it would be more secure to run the two under different Unix users, so that if someone managed to compromise openerp-web and get shell access they would not be able to connect directly to postgres with ident access and ownership of the tables; they would still have to go via the openerp-server API.
The installation instructions on the openerp.com site also seem to describe both -server and -web running under the openerp username. Am I right in my thinking? Are there any downsides to running the two as different users? I am mainly concerned with the single-server scenario; when running the front end and back end on different servers I guess this is a non-issue.
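
The concern in the post above can be checked against a PostgreSQL configuration. The following is an added example, not part of the original post or of the OpenERP packaging: a simplified evaluator for `local` lines in `pg_hba.conf` that reports whether a given Unix user can open a socket connection as a given database role without a password. The configuration text, the `openerp-web` Unix user and the `openerp_db` database name are constructed assumptions.

```python
# Constructed sample pg_hba.conf / pg_ident.conf, not from any OpenERP package.
PG_HBA = """\
# TYPE  DATABASE  USER      METHOD
local   all       postgres  ident
local   all       all       ident
"""
PG_IDENT = ""  # no user name maps defined

def parse(text):
    """Split non-comment, non-empty lines into whitespace-separated fields."""
    rows = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            rows.append(line.split())
    return rows

def can_connect_locally(os_user, db_role, database, hba=PG_HBA, ident=PG_IDENT):
    """True if os_user gets passwordless Unix-socket access as db_role.

    Simplified on purpose: only 'local' lines, literal names or 'all',
    and the first matching line decides, as in PostgreSQL itself.
    """
    maps = {}
    for map_name, sys_user, pg_user in parse(ident):
        maps.setdefault(map_name, set()).add((sys_user, pg_user))
    for fields in parse(hba):
        if fields[0] != "local" or len(fields) < 4:
            continue
        dbs, roles, method, opts = fields[1], fields[2], fields[3], fields[4:]
        if dbs != "all" and database not in dbs.split(","):
            continue
        if roles != "all" and db_role not in roles.split(","):
            continue
        if method == "trust":
            return True  # any local user may claim any role
        if method in ("ident", "peer"):
            name = next((o.split("=", 1)[1] for o in opts if o.startswith("map=")), None)
            if name is None:
                return os_user == db_role  # OS user name must equal the role name
            return (os_user, db_role) in maps.get(name, set())
        return False  # password-based or reject: no passwordless access
    return False  # no matching line: connection refused

if __name__ == "__main__":
    for user in ("openerp", "openerp-web"):  # "openerp-web" is a hypothetical user
        print(user, can_connect_locally(user, "openerp", "openerp_db"))
```

With ident authentication and no map, only a process running as the Unix user `openerp` can connect as the `openerp` role, so a web process under a different Unix user has no direct path to the tables on the same host.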
