Hi Adrian:
Ah, but it is. From a business point-of-view, in the "single" instance
case, the only instance compromised is that instance. In the
multi-tenant case, all tenants (still the same instance) could be
compromised. True? or Not?
Regards,
Ruth
On 1/28/12 12:24 PM, Adrian Crum wrote:
The initial multi-tenant implementation was simply a way to run
multiple database instances on a single copy of OFBiz - basically a
user logs into a database instance. Other than that, nothing much
changed - so the dangers of someone hacking into a multi-tenant
instance of OFBiz is no different than a single instance.
-Adrian
On 1/28/2012 5:17 PM, Ruth Hoffman wrote:
Hans, Pierre and several others have been kind enough to outline the
OFBiz multi-tenant value proposition.
I appreciate this primarily because I can't even count the number of
times prospective OFBiz users have asked me about it. Now, with this
background information, I feel comfortable articulating the marketing
value proposition.
What I still have great angst about, is the security side of
multi-tenancy. Perhaps someone can clarify or answer this basic
question:
What is to stop a hacker or otherwise malicious tenant from writing a
Groovy script (or Java program that is inserted on the classpath when
the system is rebooted) that acts as a "trojan horse"? For example,
how can you stop a savvy tenant from adding a program (or, I could
even see hacking the Mini-lang since all it is - is interpreted XML
statements) that monitors (JVM) memory and captures shopping cart
objects or usernames and passwords of the other tenants?
Really, I'd like to endorse multi-tenant implementations. But I am
still left with this one - very significant - security question.
Anyone care to respond? Am I missing something here?
Regards,
Ruth Hoffman
