Something I found rather curious is that ERPNext doesn’t seem to have any official documentation on how best to secure an instalaltion/instance of ERPNext. No relevant documentation on recommended file permissions, best practices etc especially considering this is a system that has a frontend open to the web.
We use Odoo as well as a few other systems currently and they all have something dedicated to this.
Any pointers from ERPNext veterans on recommended steps for security?