Odoo GTK Client (MOVED TO GITHUB)

no field security with csv export

Bug #854849 reported by invitu on 2011-09-20

This bug affects 3 people

Affects		Status	Importance	Assigned to	Milestone
	Odoo GTK Client (MOVED TO GITHUB)	Confirmed	Wishlist	OpenERP's Framework R&D

Bug Description

Field security is not managed in csv exporting.

If a user has not the right to access to a field in an object (for example standard price in products), he can export the data with gtk client.

This is a security hole

Revision history for this message

Olivier Dony (Odoo) (odo-openerp) wrote on 2011-09-21:

Hi Cyril,

As discussed, this is rather an improvement request than a security bug, as OpenERP does not have per-field access rights at the moment. Also, the bug does not have to be private, so let's make it public.

Thanks for your understanding!

Changed in openobject-client:
assignee:	nobody → OpenERP's Framework R&D (openerp-dev-framework)
importance:	Undecided → Wishlist
status:	New → Confirmed

Olivier Dony (Odoo) (odo-openerp) on 2011-09-21

security vulnerability:	yes → no
visibility:	private → public

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.