Hi Jacques:
Isn't there more to this than just SQL injection? It is not so much that
a single tenant is compromised. It is that a single tenant might be the
ONE doing the compromising. They might be able to do this because they
are a tenant and thus have access to the system.
That is what I am wondering.
Thanks much for you insight.
Ruth
On 1/28/12 5:23 PM, Jacques Le Roux wrote:
If a SQL injection was able to compromise one tenant DB, it could
indeed be able to compromise the entire system
Note that there are no known/proven SQL injection vulnerabilites in
OFBiz.
The most relevant article I found is
http://iaas.ulitzer.com/node/1624391/mobile (look for "SQL Injection
In Multi Tenant Database Design")
Also IBM seems to have deposed an intellectual property
http://ip.com/IPCOM/000184999
HTH
Jacques
From: "Ruth Hoffman" <[email protected]>
Hi Adrian:
Ah, but it is. From a business point-of-view, in the "single"
instance case, the only instance compromised is that instance. In the
multi-tenant case, all tenants (still the same instance) could be
compromised. True? or Not?
Regards,
Ruth
On 1/28/12 12:24 PM, Adrian Crum wrote:
The initial multi-tenant implementation was simply a way to run
multiple database instances on a single copy of OFBiz - basically a
user logs into a database instance. Other than that, nothing much
changed - so the dangers of someone hacking into a multi-tenant
instance of OFBiz is no different than a single instance.
-Adrian
On 1/28/2012 5:17 PM, Ruth Hoffman wrote:
Hans, Pierre and several others have been kind enough to outline
the OFBiz multi-tenant value proposition.
I appreciate this primarily because I can't even count the number
of times prospective OFBiz users have asked me about it. Now, with
this background information, I feel comfortable articulating the
marketing value proposition.
What I still have great angst about, is the security side of
multi-tenancy. Perhaps someone can clarify or answer this basic
question:
What is to stop a hacker or otherwise malicious tenant from writing
a Groovy script (or Java program that is inserted on the classpath
when the system is rebooted) that acts as a "trojan horse"? For
example, how can you stop a savvy tenant from adding a program (or,
I could even see hacking the Mini-lang since all it is - is
interpreted XML statements) that monitors (JVM) memory and captures
shopping cart objects or usernames and passwords of the other tenants?
Really, I'd like to endorse multi-tenant implementations. But I am
still left with this one - very significant - security question.
Anyone care to respond? Am I missing something here?
Regards,
Ruth Hoffman
