I would like to to make Odoo read the admin_passwd form a file existing on the file system.
My use case is this:
I am running an odoo:10.0 container instance on a Docker swarm-mode cluster and would like to share the necessary credentials using docker secrets.
For instance, admin_passwd would be found at /run/secrets/admin_passwd... etc.
Is this type of configuration supported in Odoo?
If not, please put some spot lights on what may help me extend Odoo and develop such a module.
Thanks in advance!
In odoo passwords are stored in pbkdf2 crypto format for security reasons. They are stored in res_users table, if you need to query directly.
You can not reverse it easily. ;)
Related
Is there a way to connect to MySQL DB with maybe RSA keys or by providing SHA-256 encrypted login and password in code? Because let's say we want to post our app publicly. Anyone who can decompile the app will see all the code including our login and password to the database.
I was wondering (purely theoretically) because If I wanted to implement some kind of codes system (like those from gift cards or PaySafeCards) to my app so the user could have like a premium membership or different feature and I wanted to store them in my database then someone could just decompile the app, steal the login and password that were in code, access the database, steal the codes and have the membership for free so how would I prevent a situation like that from happening?
You need to use environment variables. Check this website to learn more. You will use the os module and more specifically os.environ which returns a dictionary that contains all current environment variables.
If you want to publish your code on a public platform such as Github you can set private environment variables. Check here
So we have been using Apache Superset, It's a great tool.
The only frustration come from that there are a few dashboards we want to share with users outside the company.
I believe right now the way to do it is go from the Gamma user then create a read only role (Correct me if I'm wrong)
There are a few downside of this:
we need to create a view per user on each table to make sure that they do not see the records that they are not supposed to.
the access is given by datasource, so they will be able to see any dashboard that use the same datasource, which can be a problem sometimes.
all of these authentication is a lot of work to maintain.
I'm wondering if there is any way (or even hack) to simply share the graphs and tables as a dashboard, without any database access granted.
Like a frozen or snapshot of dashboard,
like the way Redash does it:
https://redash.io/help/user-guide/dashboards/sharing-dashboards
What you are looking for can be achieved through a combination of the public user and appending ?standalone=true to the dashboard url.
You also don't need the entire list of Gamma user permissions, the most important ones are can explore on superset, explore json on superset and datasource access and csrf token. This basically renders the dashboards without the superset menu and should make everything readonly.
We can achieve this by creating a custom role.
1. Can remove all the menu items
2. Can disable the dashboard edit button
3. Can give access to specific tables.
So a user cannot access any other dashboard or charts
Eg. Dashboard
Public dashboards
This is not meant for production. It’s for experiments or while doing a proof of concept.
#superset_config.py
PUBLIC_ROLE_LIKE_GAMMA = True
or
PUBLIC_ROLE_LIKE: Optional[str] = "Gamma"
After this, we need to re-run the init user (if already run)
docker-compose exec superset superset-init
Dashboards & charts can be embedded without superset header (Nav bar etc) by adding standalone=true parameter to the url, like this :
http://localhost:9000/superset/dashboard/world_health/?standalone=true
We need to grant database source permissions to public role for the data to be visible.
please see: https://sairamkrish.medium.com/apache-superset-custom-authentication-and-integrate-with-other-micro-services-8217956273c1
Superset is great, I'm glad people are talking about it since the days when it was AirBnB's Caravel. It has come a long way.
There is no 'official' solution for what you're looking for but there is a way to effectively get the same result. You said you wouldn't mind a 'hack' so...
Creating a table or a data source and exposing it to the 'public' group should do what you're looking to accomplish.
I've heard that MongoDB is very good Database, especially for placing large data inside, However i'm not sure how safe can it really be.
I'm not experienced at MongoDB, but before i choose, i want to know how safe it can be for important data.
So for example, if i specified uri, i would type this:
uri = "mongodb://test1:test1#ds051990.mongolab.com:51990/base1"
I'm trying to make a P2P text chat, It can be accessed on user's PC with root permissions, Whenever user registers, User's Latest IP, Username and will be added to database, as code was shown below.
But the "Hacker" would easily access it by simply getting into code, and viewing all the information, then he would read/write all the data inside.
What would be the best solution to prevent this issue? I think high-level Databases like MongoDB would have some-kind of protection against other users accessing it.
How can make sure only necessary users can access database and other users can't enter it by viewing uri variable?
If not is there ANY other way i can do it? So user can't access Database at all, But i would read and write files from database.
You have no easy way of hiding the credentials. Instead, create a user with the minimal required permissions in the database, and use these credentials in your distributed code.
If you are worried about the users being able to see plain-text IP addresses, you should hash and salt them before inserting them to the database.
I am trying to determine how to best insert users into active directory from a SQL server table.
I figured I could use the LDAP sever to do a insert, but the research iv done would suggest otherwise and that I could only pull data from active directory to SQL server.
Then I thought I could use a python program to query the table and spit out a CSV file to then do a bulk insert but I am not sure if this would modify existing users if data changes.
Any insight would be appreciated
Here's a general idea of the algorithm:
Load user data from SQL Server
Convert it into an LDIF (LDAP Data Interchange Format) file
Import the LDIF file into Active Directory using the LDIFDE command-line tool
Python, or any other programming language, can help you with step 2. Notice that the details of the conversion are very specific to how your data is represented. You'll have to carefully map each data base field into an LDAP attribute, and determine the classes to be used in the LDAP objects.
Will the above modify existing users? yes, of course. You could write the LDIF in such a way that it updates the existing data, or if that's a problem you could verify first if an user exists in the Active Directory and don't add those changes to the LDIF file.
Alternatively
You could use CSVDE for importing data in CSV format, but anyway you'll have to design a mapping strategy for each one of the fields that you want to import into Active Directory.
I am writing a desktop application in Python. This application requires the user to input their GMail email and password (however an account must be created specifically for this app, so it's not their personal (read: important) GMail account). I was wondering what would be the best way to store those login credentials. I don't need it to be super secure, but would like something more than storing it as plain text.
Thank you in advance.
Any chance you could not store the information on disk at all? I think that's always the most secure approach, if you can manage it. Can you check the credentials and then discard that information?
You can always encrypt the information if that doesn't work, but the decryption mechanism and key would probably have to reside in your program, then. Still, it might meet your criterion of not super-secure but better than plain text.
Use the OS keyring for this, which is the job of the python-keyring module.
Use the platform's native configuration storage mechanism (registry, GConf, plist).
If you are using Qt for your app, you should really use QSettings and let the framework handle the storage for you. Note: QSettings will NOT encrypt anything for you, but will store values in the most appropriate location depending on the platform it's running on.
Regarding security, you really should use OAuth, like in the example here, and just store the resulting token.