[
https://issues.apache.org/jira/browse/OFBIZ-4130?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13196711#comment-13196711
]
Pierre Smits commented on OFBIZ-4130:
-------------------------------------
So what you're saying it is ok that when you provide one of the employees of
your tenant access to framework tools to do entity data management on the
backend he can also find out who your other tenants are?
And via the tenant-ID and some (minor) effort can get access to the data of
your other tenants?
> Tenant super user (tenant admin) can view all database details of all tenants
> -----------------------------------------------------------------------------
>
> Key: OFBIZ-4130
> URL: https://issues.apache.org/jira/browse/OFBIZ-4130
> Project: OFBiz
> Issue Type: Bug
> Components: framework
> Affects Versions: Release Branch 10.04, SVN trunk
> Reporter: Pierre Smits
> Priority: Critical
> Fix For: Release Branch 10.04, SVN trunk
>
>
> When a new tenant is created and the super user of the tenant (the
> tenant-admin) logs in to WebTools and views the tables Tenant and
> TenantDataSource he/she can see all details of the tenant databases, incl
> TenantName, userID and password of the tenant databases.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
