This is an automated email from the ASF dual-hosted git repository. fuweng11 pushed a commit to branch INLONG-1186 in repository https://gitbox.apache.org/repos/asf/inlong-website.git
commit 2d07b911f5e3c9a680f87f3c50b9bf8b3b9f83b0 Author: wakefu <[email protected]> AuthorDate: Tue Jun 30 14:27:14 2026 +0800 [INLONG-1186][Doc] Update security doc --- docs/security.md | 1 + i18n/zh-CN/docusaurus-plugin-content-docs/current/security.md | 3 +++ 2 files changed, 4 insertions(+) diff --git a/docs/security.md b/docs/security.md index 1cb6f172948..5dfb8c1d3dd 100644 --- a/docs/security.md +++ b/docs/security.md @@ -18,3 +18,4 @@ The security mailing address is: Apache InLong's Sort module provides real-time synchronization capabilities, supporting reading from and writing to various types of databases with trusted data. Unless specified otherwise, the presence of malicious data in the database is considered a security risk for the user. We emphasize that users are responsible for ensuring the security of their database data. Therefore, if vulnerabilities are triggered by the content of the synchronized data, such issues should not be reported a [...] +Apache InLong's Manager module provides tenant isolation capabilities, enabling permission management based on tenants. Any member of a tenant can view all business information within that tenant, while only the responsible personnel of a Group can modify or delete Group, Sink, Stream, and related entities. We believe that if users want to ensure their business data is not accessible by others, they simply need to prevent other users from joining their tenant. Therefore, if potential vul [...] diff --git a/i18n/zh-CN/docusaurus-plugin-content-docs/current/security.md b/i18n/zh-CN/docusaurus-plugin-content-docs/current/security.md index fde1ab64e32..5671c335eb4 100644 --- a/i18n/zh-CN/docusaurus-plugin-content-docs/current/security.md +++ b/i18n/zh-CN/docusaurus-plugin-content-docs/current/security.md @@ -18,3 +18,6 @@ Apache 软件基金会积极致力于消除针对其产品的安全问题和拒 Apache InLong 中 Sort 模块提供实时同步的能力,支持在各种类型的数据库中读取/写入受信任的数据。除非另有规定,否则数据库中存在恶意的数据是不安全的。我们认为,用户需要确保其数据库中的数据是安全的。因此,如果是因为同步的数据内容可能触发某些漏洞,则不要将此问题报告为 Apache InLong 的漏洞。我们欢迎提出强化代码库的建议。 +Apache InLong 中 Manager 模块提供租户隔离的能力,支持在每个用户通过租户来进行一定的权限管理,只要是租户的成员即可查看当前租户下的所有业务信息,而只有 Group 的责任人才能对 Group、Sink、Stream 等信息进行修改、删除操作。我们认为,用户如果用户需要确保租户中的业务信息不允许其他业务查看,只需要确保其他用户没有加入当前用户的租户即可。因此,如果是因为当前租户下的 Group、Stream 等信息能被租户成员查看可能触发某些漏洞,则不要将此问题报告为 Apache InLong 的漏洞。我们欢迎提出强化代码库的建议。 + +
