Was just thinking of that, you can consider roughly 2 types of attacks:
persistent and non-persistent.
Non-persistent attacks are the weaker type of attacks. Since the DB is not
compromised outsiders can't get control of the system,
the data are not at risks, notably the credentials!
. But I am still
left with this one - very significant - security question.
Anyone care to respond? Am I missing something here?
Regards,
Ruth Hoffman
--
View this message in context:
http://ofbiz.135035.n4.nabble.com/Multi-tenant-Security-tp4336437p4337693.html
Sent from the OFBiz - User mailing
Hi Jacques:
Thanks again for helping me understand the issues and sharing the same
on this venue (the mailing list). This information will clearly benefit
all those looking at this alternative.
Best of all, when people ask me about this, I can point them to the
mailing list and let them
Hans, Pierre and several others have been kind enough to outline the
OFBiz multi-tenant value proposition.
I appreciate this primarily because I can't even count the number of
times prospective OFBiz users have asked me about it. Now, with this
background information, I feel comfortable
The initial multi-tenant implementation was simply a way to run multiple
database instances on a single copy of OFBiz - basically a user logs
into a database instance. Other than that, nothing much changed - so the
dangers of someone hacking into a multi-tenant instance of OFBiz is no
Hi Adrian:
Ah, but it is. From a business point-of-view, in the single instance
case, the only instance compromised is that instance. In the
multi-tenant case, all tenants (still the same instance) could be
compromised. True? or Not?
Regards,
Ruth
On 1/28/12 12:24 PM, Adrian Crum wrote:
The
If a SQL injection was able to compromise one tenant DB, it could indeed be
able to compromise the entire system
Note that there are no known/proven SQL injection vulnerabilites in OFBiz.
The most relevant article I found is http://iaas.ulitzer.com/node/1624391/mobile (look for SQL Injection
Hi Jacques:
Isn't there more to this than just SQL injection? It is not so much that
a single tenant is compromised. It is that a single tenant might be the
ONE doing the compromising. They might be able to do this because they
are a tenant and thus have access to the system.
That is what I
Yes of course, we can't exclude this possibily, as you maybe read in this article, the other types of vulnerabilites can be
exploited as well. And then, as all the tenants are sharing the same system, one compromised tenant is potentially compromising all
the system.
The most possible type of
implementations. But I am still
left with this one - very significant - security question.
Anyone care to respond? Am I missing something here?
Regards,
Ruth Hoffman
--
View this message in context:
http://ofbiz.135035.n4.nabble.com/Multi-tenant-Security-tp4336437p4337693.html
Sent from the OFBiz
, I'd like to endorse multi-tenant implementations. But I am still
left with this one - very significant - security question.
Anyone care to respond? Am I missing something here?
Regards,
Ruth Hoffman
--
View this message in context:
http://ofbiz.135035.n4.nabble.com/Multi-tenant
11 matches
Mail list logo