Search Confirmation
Hello POSNext maintainers and community,
I am opening this issue to request clarification and community review regarding the implementation of the branding protection mechanism included in POSNext.
During a security review of the application, I found a module related to branding protection located under:
pos_next/pos_next/doctype/brainwise_branding
The implementation appears to introduce a dedicated protection layer outside the standard ERPNext/Frappe permission system.
Observations
The module includes features such as:
Protected branding fields that cannot be modified through normal administrative privileges.
A Master Key mechanism requiring both a key and a phrase.
SHA-256 based verification of credentials.
Audit logging of modification attempts.
Automatic re-locking of protected fields after saving.
Use of ignore_permissions=True in some operations.
Internal whitelisted methods such as:
validate_branding
verify_master_key
generate_new_master_key
log_client_event
The user-facing documentation states:
Lost Your Master Key? Contact BrainWise support.
Findings from the Review
At the time of this review, I did not identify evidence of external HTTP communication, remote data exfiltration, or transmission of customer records from this specific module.
I did not find usage of common outbound communication methods such as:
requests
httpx
aiohttp
frappe.make_post_request
frappe.make_get_request
within the reviewed branding component.
Therefore, based solely on the reviewed code, I cannot conclude that this mechanism acts as spyware or a remote backdoor.
Community Concerns
However, the implementation raises several questions regarding transparency and maintainability:
Why is an additional authorization layer required beyond ERPNext/Frappe roles and permissions?
Is this mechanism intended solely for branding/license enforcement?
Under what licensing terms was this functionality introduced?
Why are administrators unable to modify these settings without a vendor-controlled master key?
Is there an officially supported method to disable or remove this component in self-hosted deployments?
Are there any dependencies on pos_next.api.branding.validate_branding that administrators should be aware of before removing the branding module?
Request for Clarification
I respectfully request the maintainers to provide:
Official documentation explaining the purpose of this mechanism.
Guidance on safely disabling it when organizations require full control over self-hosted installations.
Clarification on whether the master key is customer-owned or vendor-owned.
A statement confirming whether this module is related exclusively to branding protection and not to license enforcement affecting core POS functionality.
Purpose of this Issue
This issue is not intended as an accusation.
The goal is to improve transparency, allow independent security review, and help self-hosted users understand the implications of deploying this component in production environments.
Thank you to the maintainers and community members who can provide technical clarification and guidance.
POS Next Version
v1.16.0
Search Confirmation
Hello POSNext maintainers and community,
I am opening this issue to request clarification and community review regarding the implementation of the branding protection mechanism included in POSNext.
During a security review of the application, I found a module related to branding protection located under:
pos_next/pos_next/doctype/brainwise_branding
The implementation appears to introduce a dedicated protection layer outside the standard ERPNext/Frappe permission system.
Observations
The module includes features such as:
Protected branding fields that cannot be modified through normal administrative privileges.
A Master Key mechanism requiring both a key and a phrase.
SHA-256 based verification of credentials.
Audit logging of modification attempts.
Automatic re-locking of protected fields after saving.
Use of ignore_permissions=True in some operations.
Internal whitelisted methods such as:
validate_branding
verify_master_key
generate_new_master_key
log_client_event
The user-facing documentation states:
Lost Your Master Key? Contact BrainWise support.
Findings from the Review
At the time of this review, I did not identify evidence of external HTTP communication, remote data exfiltration, or transmission of customer records from this specific module.
I did not find usage of common outbound communication methods such as:
requests
httpx
aiohttp
frappe.make_post_request
frappe.make_get_request
within the reviewed branding component.
Therefore, based solely on the reviewed code, I cannot conclude that this mechanism acts as spyware or a remote backdoor.
Community Concerns
However, the implementation raises several questions regarding transparency and maintainability:
Why is an additional authorization layer required beyond ERPNext/Frappe roles and permissions?
Is this mechanism intended solely for branding/license enforcement?
Under what licensing terms was this functionality introduced?
Why are administrators unable to modify these settings without a vendor-controlled master key?
Is there an officially supported method to disable or remove this component in self-hosted deployments?
Are there any dependencies on pos_next.api.branding.validate_branding that administrators should be aware of before removing the branding module?
Request for Clarification
I respectfully request the maintainers to provide:
Official documentation explaining the purpose of this mechanism.
Guidance on safely disabling it when organizations require full control over self-hosted installations.
Clarification on whether the master key is customer-owned or vendor-owned.
A statement confirming whether this module is related exclusively to branding protection and not to license enforcement affecting core POS functionality.
Purpose of this Issue
This issue is not intended as an accusation.
The goal is to improve transparency, allow independent security review, and help self-hosted users understand the implications of deploying this component in production environments.
Thank you to the maintainers and community members who can provide technical clarification and guidance.
POS Next Version
v1.16.0