2013/11/9 Raphael Valyi <[email protected]> > I'm curious to see all XSS and DOS exploits that will be found against > OpenERP powered websites in the wild. Come one, you have never been a web > publishing technology, why not trust the work of those who have been > instead? OpenERP SA is smarter than everybody else, is that the theory > again?
Men. I didn't see any bug report by you about this . I tried to explode by myself several well known issues and i didn't find any problem but I am almost sure that maybe I am forgeting something. BUt even, if I can not trust a !website! to a framework, "How in the name of God i can trust all an ERP", I think this statement is very dangerous, and if you don't put here proofs IMHO It is a bad intentional flame dude. And about DOS, it is not "Framework Problem" it is a "Server Problem" at least I am forgetting something. Support our point. We managing only server configuration with load balancing change from 60k to 1.060 Request per minute in our servers, caching, https it means following "Best practices", even rails and plone if you don't configure correctly the server, by default you can left the server unsusable "Having the feeling of DoS" we have 3 goverment cases here in VE with plone where after 6 months of problems with a Plone site an friend "plone expert, mixing the well recommended practices and testing corectly solve the problem in 3 hours[1]. About security, I tried in very different ways to brake the security layer with portal users "Well COnfigured" and I couldn't brake anything, but Yes, a portal user can be added to "Employee" group and you can give access to undesired data easyly "Solution: We build a group which denied by default, and overwrite the write and restrict the access to SUPERUSER to the system", but again, it is configuration solvable issue. Did i miss something? Be carefull for your statements dude, because ignorant people can decide based on your credibility and a lot of people can loss business oportunities for your statements. Show proofs first! Regards. [1] http://www.slideshare.net/lcaballero/alta-disponibilidad-y-alto-desempeo-para-hospedaje-en-plone-en-el-debianday-merida-2011 -- -------------------- Saludos Cordiales Nhomar G. Hernandez M. +58-414-4110269 Skype: nhomar00 Web-Blog: http://geronimo.com.ve Servicios IT: http://vauxoo.com Linux-Counter: 467724 Correos: [email protected] [email protected] twitter @nhomar
_______________________________________________ Mailing list: https://launchpad.net/~openerp-community Post to : [email protected] Unsubscribe : https://launchpad.net/~openerp-community More help : https://help.launchpad.net/ListHelp
