Securing the database is very important to keep data safe in Odoo and to isolate customer databases running on the same cluster. So we need to follow best practices for users, passwords and access control management.
Video Contents:
00:00 Introduction
00:35 Key points to secure Odoo 13 database
01:27 Secure Odoo 13 Database
01:48 Configuration of Odoo Config file
10:39 Configuration of PostgreSQL
13:00 Connection Settings of PostgreSQL Configuration
16:12 Security and Authentication for PostgreSQL
First, let us go through some key points related to securing the Odoo 13 database:
Set a strong super-admin password, and restrict access to the database management pages as soon as the system is set up
Unique logins and strong passwords for all admin accounts on all databases
Do not install demo data: it may contain default logins and passwords that are not safe to leave in place
Use database filters to restrict the visibility of your databases according to the hostname
Make sure the PostgreSQL user (db_user) is not a super-user
Now let us discuss the configurations that can be done to enhance the security of the database:
In the Odoo configuration file (odoo.conf), add the following database settings:
admin_password – the master database password. It is set at first boot and can also be set from the front end. It is used to manage databases, i.e. to create, duplicate, delete, backup and restore them.
db_host – the database host. By default it is localhost.
db_port – the database port (by default it is None).
db_user – the database user name.
db_password – the database password for db_user.
db_maxconn – the maximum number of physical connections to PostgreSQL.
db_name and db_filter (the configuration file key is spelled dbfilter):
These determine which database should be used to load the website page.
The database has to be selected based on the hostname (domain) being requested. Odoo is a multi-tenant system that runs and serves a number of database instances. That is not an issue for a company user, who logs in and selects a database, but website users and portal users are not bound to a database, so it is necessary to decide which database should be used to load the website page.
The db_filter value is a regular expression into which the hostname (%h) or the first subdomain (%d) through which the system is being accessed is injected dynamically.
The following can be added to the configuration file (comments go on their own line, since Odoo's parser does not strip inline comments):
[options]
# only databases whose names start with yourcompany are listed
dbfilter = ^yourcompany.*$
# only this database is loaded
db_name = yourcompany
If db_name is set to False, all databases are loaded.
Restart the service to see the changes.
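To see what a db_filter rule exposes before restarting the service, the following added Python script (written for this page, not Odoo's own code) re-implements the hostname expansion Odoo applies to the pattern: %h becomes the requested host without its port, %d its first subdomain (a leading www is skipped), and the expanded pattern is matched against the database names. It is modelled on the behaviour of Odoo's db_filter function; the cluster database names and the hostnames are constructed sample values.

```python
import re

# Constructed sample: the databases present on the PostgreSQL cluster.
CLUSTER_DBS = ["yourcompany", "yourcompany_staging", "othertenant", "postgres_copy"]


def expand_dbfilter(dbfilter, host):
    """Expand %h (full hostname) and %d (first subdomain) the way Odoo does
    before the pattern is applied. A leading 'www' is skipped so that
    www.yourcompany.com and yourcompany.com map to the same tenant.
    Stand-alone re-implementation modelled on odoo.http.db_filter (assumption)."""
    h = host.split(":")[0]                 # drop the port, if any
    d, _, rest = h.partition(".")
    if d == "www" and rest:
        d = rest.partition(".")[0]
    # re.escape keeps a dot in the hostname from acting as a regex wildcard
    return dbfilter.replace("%h", re.escape(h)).replace("%d", re.escape(d))


def visible_dbs(dbfilter, db_name, host, dbs=CLUSTER_DBS):
    """Return the databases a request for `host` may see.
    dbfilter takes precedence over db_name; with neither set, every
    database on the cluster is exposed to the database manager pages."""
    if dbfilter:
        pattern = expand_dbfilter(dbfilter, host)
        return [db for db in dbs if re.match(pattern, db)]
    if db_name:
        wanted = {name.strip() for name in db_name.split(",")}
        return [db for db in dbs if db in wanted]
    return list(dbs)


if __name__ == "__main__":
    # ^%d$ binds each tenant to its own subdomain; a foreign host sees nothing.
    for host in ["yourcompany.com", "www.yourcompany.com:8069", "evil.example.com"]:
        print(f"{host:28} -> {visible_dbs('^%d$', False, host)}")
    # ^yourcompany.*$ from the page ignores the host and filters on the name prefix.
    print("prefix rule            ->", visible_dbs("^yourcompany.*$", False, "evil.example.com"))
    print("no filter, no db_name  ->", visible_dbs("", False, "evil.example.com"))
```

The last line is the case the key points warn about: with neither dbfilter nor db_name set, every database on the cluster is listed for any hostname.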
Configuring PostgreSQL
In the pg_hba.conf file:
Here you can add local connections with their address and authentication method, and you can allow replication connections from localhost by a user with the replication privilege.
In the postgresql.conf file:
Connections and authentication settings
Set the following in your configuration file:
Connection settings:
listen_addresses (string)
port (integer)
max_connections (integer)
superuser_reserved_connections (integer)
unix_socket_directories (string)
unix_socket_group (string)
unix_socket_permissions (integer)
bonjour (boolean)
bonjour_name (string)
tcp_keepalives_idle (integer)
tcp_keepalives_interval (integer)
tcp_keepalives_count (integer)
Security and Authentication:
authentication_timeout (integer)
ssl (boolean)
ssl_ca_file (string)
ssl_cert_file (string)
ssl_crl_file (string)
ssl_key_file (string)
ssl_ciphers (string)
ssl_prefer_server_ciphers (boolean)
ssl_ecdh_curve (string)
password_encryption (boolean)
krb_server_keyfile (string)
krb_caseins_users (boolean)
db_user_namespace (boolean)
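As an added example (not from the video), here is a small Python audit that reads a pg_hba.conf and a postgresql.conf fragment and reports the settings from the two lists above that most affect how exposed the database is: trust and password methods, the legacy md5 method, address ranges open to everyone or remote without hostssl, replication open to every role, ssl off, password_encryption not set to scram-sha-256 (the value PostgreSQL 10 and later accept for that parameter) and listen_addresses = '*'. Both file contents are constructed samples; the parser assumes CIDR addresses and does not score hostnames or the samehost/samenet keywords.

```python
import ipaddress

# Constructed sample pg_hba.conf: a localhost-only Odoo setup plus two risky lines.
SAMPLE_PG_HBA = """\
# TYPE  DATABASE     USER        ADDRESS          METHOD
local   all          postgres                     peer
local   all          all                          peer
host    all          all         127.0.0.1/32     scram-sha-256
host    all          all         ::1/128          scram-sha-256
host    replication  replicator  127.0.0.1/32     scram-sha-256
host    all          all         0.0.0.0/0        md5
host    all          odoo        10.0.0.0/8       trust
"""

# Constructed sample postgresql.conf fragment.
SAMPLE_POSTGRESQL_CONF = """\
listen_addresses = '*'
port = 5432
max_connections = 100
superuser_reserved_connections = 3
ssl = off
password_encryption = md5
authentication_timeout = 1min
"""

WEAK_METHODS = {"trust", "password"}   # no authentication / cleartext password
LEGACY_METHODS = {"md5"}               # hashed, but superseded by scram-sha-256


def parse_pg_hba(text):
    """Parse pg_hba.conf lines into dicts. Assumes CIDR addresses;
    'local' lines carry no address column."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        if fields[0] == "local":
            address, method = None, fields[3]
        else:
            address, method = fields[3], fields[4]
        rules.append({"line": lineno, "type": fields[0], "database": fields[1],
                      "user": fields[2], "address": address, "method": method})
    return rules


def _network(address):
    """CIDR address -> ip_network; None for local lines and keywords like samenet."""
    if not address:
        return None
    try:
        return ipaddress.ip_network(address, strict=False)
    except ValueError:
        return None


def check_pg_hba(rules):
    findings = []
    for r in rules:
        where = f"pg_hba.conf:{r['line']}"
        if r["method"] in WEAK_METHODS:
            findings.append(f"{where}: method '{r['method']}' for user {r['user']}; use scram-sha-256")
        elif r["method"] in LEGACY_METHODS:
            findings.append(f"{where}: legacy method md5; prefer scram-sha-256")
        net = _network(r["address"])
        if net is not None:
            if net.prefixlen == 0:
                findings.append(f"{where}: {r['address']} accepts connections from anywhere")
            elif not net.is_loopback and r["type"] != "hostssl":
                findings.append(f"{where}: remote range {r['address']} without hostssl")
        if r["database"] == "replication" and r["user"] == "all":
            findings.append(f"{where}: replication allowed for every role")
    return findings


def parse_postgresql_conf(text):
    """key = value lines -> dict, with comments and quotes stripped."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" in line:
            key, _, value = line.partition("=")
            settings[key.strip()] = value.strip().strip("'")
    return settings


def check_postgresql_conf(settings):
    findings = []
    if settings.get("ssl", "off").lower() != "on":
        findings.append("postgresql.conf: ssl is off; set ssl = on with ssl_cert_file and ssl_key_file")
    if settings.get("password_encryption", "md5") != "scram-sha-256":
        findings.append("postgresql.conf: password_encryption should be scram-sha-256")
    if settings.get("listen_addresses", "localhost") in ("*", "0.0.0.0", "::"):
        findings.append("postgresql.conf: listen_addresses = '*' binds every interface")
    return findings


def audit(pg_hba_text=SAMPLE_PG_HBA, postgresql_conf_text=SAMPLE_POSTGRESQL_CONF):
    """Run both checks and return the list of findings (empty when clean)."""
    return (check_pg_hba(parse_pg_hba(pg_hba_text))
            + check_postgresql_conf(parse_postgresql_conf(postgresql_conf_text)))


if __name__ == "__main__":
    for finding in audit():
        print(finding)
```

On the sample input the audit reports only lines 7 and 8 of pg_hba.conf and the three postgresql.conf settings; the loopback-only scram-sha-256 lines that an Odoo server on the same host needs pass without comment.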
#odoodatabase #odoosecurity #odoo13
#secure #Odoo #database