During our day to day operations, especially when our sales team, together with our functional consultants, are evaluating the work effort during project rescue operations, we come across the need to figure out what apps and modules are installed in a database where we have no access. In order to save time we are typically using a less documented feature in Odoo:
This page provides a list of all the installed Odoo apps along with their developers, and descriptions, see the screenshot above. While this information is very useful if you are investigating what apps and modules are installed, at the same time this information is useful if you are spying on a competitor.
We at OERP Canada we believe in security and in cost effective solutions.
Here are some very simple steps you can take to prevent this information from being displayed:
- Log in to your Odoo instance as an administrator.
- Turn on the debug mode by going into Settings ‣ General Settings ‣ Developer Tools and click on Activate the developer mode.
- Now, we need to create a redirect action in Odoo which will give the user 404 (page not found) error when the public user tries to access the URL
- Go to Website ‣ Configuration ‣ Redirects and create a redirect as shown below.
After setting this up, try to visit the URL https://example.com/website/info . The page will return a 404 Error, as you can see in the image below:
In conclusion, Odoo displays information about installed apps on the /website/info page, which can be useful but will also reveal sensitive information about your instance. By taking the steps outlined above, you can prevent the display of this information and enhance the security of your Odoo instance.
If you have any questions or need further assistance with this, please don't hesitate to contact us here.
We are always happy to help!
Prevent access to /website/info