Hans, Pierre and several others have been kind enough to outline the
OFBiz multi-tenant value proposition.

I appreciate this primarily because I can't even count the number of
times prospective OFBiz users have asked me about it. Now, with this
background information, I feel comfortable articulating the marketing
value proposition.

What I still have great angst about is the security side of
multi-tenancy. Perhaps someone can clarify or answer this basic question:

What is to stop a hacker or otherwise malicious tenant from writing a
Groovy script (or Java program that is inserted on the classpath when
the system is rebooted) that acts as a "trojan horse"? For example, how
can you stop a savvy tenant from adding a program (or, I could even see
hacking the Mini-lang since all it is - is interpreted XML statements)
that monitors (JVM) memory and captures shopping cart objects or
usernames and passwords of the other tenants?

Really, I'd like to endorse multi-tenant implementations. But I am still
left with this one - very significant - security question.

Anyone care to respond? Am I missing something here?

Regards,
Ruth Hoffman