Something I found rather curious is that ERPNext doesn’t seem to have any official documentation on how best to secure an instalaltion/instance of ERPNext. No relevant documentation on recommended file permissions, best practices etc especially considering this is a system that has a frontend open to the web.
We use Odoo as well as a few other systems currently and they all have something dedicated to this.
Any pointers from ERPNext veterans on recommended steps for security?
Join in the group planning to work on Security and Documentation improvement. Here is the link for you to participate.
Since you already into other ecosystem, it would be great to have you in.
_Liyakat
Good question Neal -
Just my 2 cents, much on this topic already exists that applies to ERPNext too (like most any other web-facing software product.)
Here’s a digestible intro to ‘external’ threats and steps to harden against them Website security - Learn web development | MDN
A web search on ‘Linux security best practices’ will land you references like this https://www.cyberciti.biz/tips/linux-security.html
Lots to ponder, the new year is as good a time as any for an audit review!?